[geeklog-devel] Group Admin revisited
dirk at haun-online.de
Mon Jan 26 17:13:57 EST 2004
In the wake of bug #135 (Group Admin can become Root - fixed with the
latest security release), I'd like to discuss the idea behind how Group
Admin works at the moment.
Samuel Stone, who found the above bug, wrote:
>There is another issue. While the Root access
>problem is solved, I can not limit permission on other items if I give
>that person Users Admin permission.
>For example, I give him User Admin but not Plugin Admin. He can still
>change his own user permission to include Plugin Admin.
>I think the logic is to hide all the non-permitted check boxes for the
My first reaction was "okay, so maybe we need two sorts of Group Admins".
But the more I think about it, the more Sam's suggestion makes sense.
Is there any reason why a Group Admin should be able to assign someone to
a group in which he himself is not a member? I can't think of one. Tony?
More information about the geeklog-devel