Bug: Only allow users to create their own project user records #1233

@begedin

From #1232,

A user can create their own ProjectUser record - no role-level check happens here, so this is definitely a bug. Basically, accessing the API directly, any user can make themselves owner, collaborator, admin or pending member of a project.

To fix this, we should enforce the following create rule:

A user can create their own ProjectUser record, provided the role is "pending". This basically means they are allowed to apply for project memberships.
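
The create rule proposed above, sketched as an added example (not code from the project or from this issue). The function names, the `ProjectUserParams` type and the sample requests are hypothetical, and only the self-create rule is modelled, with the pre-fix check beside it for comparison.

```python
"""Self-create policy for project membership records (illustrative sketch)."""
from dataclasses import dataclass

# Roles named in the issue text.
ROLES = ("pending", "collaborator", "admin", "owner")


@dataclass(frozen=True)
class ProjectUserParams:
    """Attributes taken from the client's create request (client-controlled)."""
    user_id: int
    project_id: int
    role: str


def can_create_before_fix(current_user_id: int, params: ProjectUserParams) -> bool:
    """Behaviour reported in the issue: only record ownership is checked."""
    return params.user_id == current_user_id


def can_create(current_user_id: int, params: ProjectUserParams) -> bool:
    """Proposed rule: own record only, and only with the exact role "pending"."""
    # Exact string match on purpose: no case folding or trimming, so any
    # variant spelling of a role is denied rather than normalised.
    return params.user_id == current_user_id and params.role == "pending"


def audit(current_user_id: int, requests: list[ProjectUserParams]) -> list[tuple[str, bool, bool]]:
    """Return (role, allowed_before_fix, allowed_after_fix) per request."""
    return [
        (p.role, can_create_before_fix(current_user_id, p), can_create(current_user_id, p))
        for p in requests
    ]


# Constructed sample: user 7 requests each role for themselves, then tries
# to create a "pending" record on behalf of user 8.
SAMPLE = [ProjectUserParams(7, 1, r) for r in ROLES] + [ProjectUserParams(8, 1, "pending")]

if __name__ == "__main__":
    for role, before, after in audit(7, SAMPLE):
        print(f"role={role:<12} before_fix={before!s:<5} after_fix={after}")
```

The check has to run server-side on the submitted attributes, since the role value arrives in the request body and cannot be trusted to match what the client UI offers.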
