[geeklog-devel] Group Admin revisited

Dirk Haun dirk at haun-online.de
Mon Jan 26 17:13:57 EST 2004


In the wake of bug #135 (Group Admin can become Root - fixed with the
latest security release), I'd like to discuss the idea behind how Group
Admin works at the moment.

Samuel Stone, who found the above bug, wrote:

>There is another issue.  While the Root access
>problem is solved, I can not limit permission on other items if I give
>that person Users Admin permission.
>
>For example, I give him User Admin but not Plugin Admin.  He can still
>change his own user permission to include Plugin Admin.
>
>I think the logic is to hide all the non-permitted check boxes for the
>Users admin.

My first reaction was "okay, so maybe we need two sorts of Group Admins".
But the more I think about it, the more Sam's suggestion makes sense.

Is there any reason why a Group Admin should be able to assign someone to
a group in which he himself is not a member? I can't think of one. Tony?
Anyone?

bye, Dirk


-- 
http://www.haun-online.de/
http://www.macosx-faq.de/




More information about the geeklog-devel mailing list