Bug #5670: Repo-level administrators can usurp owner of repoistory - RhodeCode CE/EE - RhodeCode - issues

Actions

Copy link

Bug #5670

open

Repo-level administrators can usurp owner of repoistory

Added by Yechen Qiao over 1 year ago. Updated about 1 year ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Target version:

Start date:

12.10.2021

Due date:

% Done:

Estimated time:

Sorting:

Commit Number:

Affected Version:

v4.24

Description

Not sure if this is a bug or a feature, but what I have found out is that any admins designated to be just a repo-level administrator (no repo group level admin and not super-admin), can modify the ownership of the repository to someone else. Even though in the access control page, the owners's rights looks unmodifiable.

History
Notes

Actions

Copy link

Updated by Marcin Kuzminski [CTO] about 1 year ago

If you're an admin of repository you have right to modify all their settings including ownership information. Would you feel only owner, or super-admins should be able to change the ownership ?

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

RhodeCode CE/EE

Custom queries

Bug #5670

Repo-level administrators can usurp owner of repoistory

Updated by Marcin Kuzminski [CTO] about 1 year ago