Bug #5670
Repo-level administrators can usurp owner of repoistory
Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
12.10.2021
Due date:
% Done:
0%
Estimated time:
Sorting:
Commit Number:
Affected Version:
Description
Not sure if this is a bug or a feature, but what I have found out is that any admins designated to be just a repo-level administrator (no repo group level admin and not super-admin), can modify the ownership of the repository to someone else. Even though in the access control page, the owners's rights looks unmodifiable.
Updated by Marcin Kuzminski [CTO] 10 months ago
If you're an admin of repository you have right to modify all their settings including ownership information. Would you feel only owner, or super-admins should be able to change the ownership ?