Open-event-server: Privacy/security: Admins can change personal details of any user

Created on 30 Dec 2016  路  4Comments  路  Source: fossasia/open-event-server

Admins on clicking on the eye icon shown below on the users panel can view the personal details of any user and even edit them.
@niranjan94 @mariobehling @SaptakS Should this be allowed ?

selection_046

Steps to recreate:

  • click on the specified eye button on any other use
  • change name or any other details of the user
  • save changes
security
Source
picture shubham-padia
👍1

All 4 comments

@mariobehling your views on this?

shubham-padia picture shubham-padia on 3 Jan 2017

@shubham-padia I feel editing shouldn't be allowed.

SaptakS picture SaptakS on 3 Jan 2017
👍1

@SaptakS I'll make relevant changes so that only the profile can be viewed and editing is disabled.

shubham-padia picture shubham-padia on 3 Jan 2017
👍1

Admins: This is a very small group. These are the people who run the system. Of course they are able to see and edit any user. This is just the same as in standard CMS like Drupal and Wordpress.

As the current behavior is the desired behavior, I am closing the issue.

mariobehling picture mariobehling on 3 Jan 2017
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

SaptakS picture SaptakS  路  3Comments
CosmicCoder96 picture CosmicCoder96  路  4Comments
SaptakS picture SaptakS  路  3Comments
mariobehling picture mariobehling  路  4Comments
rafalkowalski picture rafalkowalski  路  3Comments