[geeklog-devel] Group Admin revisited

Dirk Haun dirk at haun-online.de
Mon Jan 26 17:13:57 EST 2004

In the wake of bug #135 (Group Admin can become Root - fixed with the
latest security release), I'd like to discuss the idea behind how Group
Admin works at the moment.

Samuel Stone, who found the above bug, wrote:

>There is another issue.  While the Root access
>problem is solved, I can not limit permission on other items if I give
>that person Users Admin permission.
>For example, I give him User Admin but not Plugin Admin.  He can still
>change his own user permission to include Plugin Admin.
>I think the logic is to hide all the non-permitted check boxes for the
>Users admin.

My first reaction was "okay, so maybe we need two sorts of Group Admins".
But the more I think about it, the more Sam's suggestion makes sense.

Is there any reason why a Group Admin should be able to assign someone to
a group in which he himself is not a member? I can't think of one. Tony?

bye, Dirk
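
The rule discussed in this message, enforced on the server when the edit form is saved, as an added example that is not Geeklog code and not part of the original post. It also covers the side effect of hiding check boxes: groups the acting admin cannot see are never submitted, so they have to be carried over rather than dropped. The function name, the Root exemption, and the sample group lists are assumptions made for illustration.

```php
<?php
// Added example, not Geeklog code. Function and sample data are hypothetical.

const ROOT_GROUP = 'Root';

/**
 * Compute a target user's new group list from a submitted edit form.
 * A non-Root actor may only grant or revoke groups the actor belongs to;
 * memberships outside that scope are carried over untouched, so hiding
 * their check boxes in the form cannot silently strip them.
 *
 * @return array{groups: string[], rejected: string[]}
 */
function resolve_group_edit(array $actorGroups, array $targetGroups, array $submitted): array
{
    // Assumption: members of Root may assign any group.
    if (in_array(ROOT_GROUP, $actorGroups, true)) {
        $groups = array_values(array_unique($submitted));
        sort($groups);
        return ['groups' => $groups, 'rejected' => []];
    }

    // Groups the actor cannot manage: keep whatever the target already has.
    $preserved = array_diff($targetGroups, $actorGroups);
    // Groups the actor can manage: take the submitted state.
    $granted = array_intersect($submitted, $actorGroups);
    // Submitted groups the actor lacks and the target does not already hold
    // are out-of-scope grants; report them so the caller can log the attempt.
    $rejected = array_values(array_unique(array_diff($submitted, $actorGroups, $targetGroups)));

    $groups = array_values(array_unique(array_merge($preserved, $granted)));
    sort($groups);
    return ['groups' => $groups, 'rejected' => $rejected];
}

// Constructed case 1: the actor edits his own account and the request
// includes "Plugin Admin", a group he does not hold.
$actor = ['Group Admin', 'User Admin'];
print_r(resolve_group_edit($actor, $actor, ['Group Admin', 'User Admin', 'Plugin Admin']));

// Constructed case 2: the target holds "Story Admin", which the actor lacks.
// The form omits it, and it must survive the save while "User Admin" is revoked.
print_r(resolve_group_edit($actor, ['Story Admin', 'User Admin'], []));
```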


