SVN management page has too broad permissions #54740

Open
opened 2018-04-20 11:54:45 +02:00 by Sybren A. Stüvel · 1 comment

For example, sybren@blender.studio has access to https://cloud.blender.org/p/spring/edit/svnman without being part of the project.

The roles & caps of that user are:

Roles:

  demo
  org-subscriber
  subscriber-pro

Capabilities:

  attract-use
  attract-view
  flamenco-use
  flamenco-view
  flamenco-view-logs
  home-project
  subscriber
  svn-use
For example, sybren@blender.studio has access to https://cloud.blender.org/p/spring/edit/svnman without being part of the project. The roles & caps of that user are: Roles: ``` demo org-subscriber subscriber-pro ``` Capabilities: ``` attract-use attract-view flamenco-use flamenco-view flamenco-view-logs home-project subscriber svn-use

Added subscribers: @dr.sybren, @fsiddi

Added subscribers: @dr.sybren, @fsiddi
Sign in to join this conversation.
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: archive/pillar#54740
No description provided.