Project

General

Profile

Bug #5670

Repo-level administrators can usurp owner of repoistory

Added by Yechen Qiao about 2 months ago. Updated 2 days ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
12.10.2021
Due date:
% Done:

0%

Estimated time:
Sorting:
Commit Number:
Affected Version:

Description

Not sure if this is a bug or a feature, but what I have found out is that any admins designated to be just a repo-level administrator (no repo group level admin and not super-admin), can modify the ownership of the repository to someone else. Even though in the access control page, the owners's rights looks unmodifiable.

#1

Updated by Marcin Kuzminski [CTO] 2 days ago

If you're an admin of repository you have right to modify all their settings including ownership information. Would you feel only owner, or super-admins should be able to change the ownership ?

Also available in: Atom PDF