This repository has been archived by the owner on Apr 23, 2022. It is now read-only.

UTAs who have previously HTA'd have HTA permissions for life #280

Open
mlavrent opened this issue Dec 30, 2020 · 0 comments

@mlavrent

This is a security vulnerability for class settings.

Scenario:

  • I was HTA for cs1950y in Spring 2020
  • I was UTA for cs1730 in Fall 2020
  • I had HTA permissions for both cs1950y and cs1730 in Fall 2020. In other words, I could add TAs, and, more alarmingly, remove the current HTAs!

Ideally, HTA permissions should only be given per course-semester (e.g. cs1950y Spring 2020) rather than as an all-or-nothing type of deal.
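The per-course-semester scoping suggested in the issue, shown beside the all-or-nothing check it would replace. This is an added example, not code from the repository: the `RoleGrant` model, the function names, the user names and the grant data are hypothetical, constructed to mirror the scenario above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RoleGrant:
    """One role held by one user in one course-semester (hypothetical model)."""
    user: str
    course: str
    semester: str
    role: str  # "HTA" or "UTA"


# Constructed data mirroring the scenario in the issue.
GRANTS = [
    RoleGrant("reporter", "cs1950y", "Spring 2020", "HTA"),
    RoleGrant("reporter", "cs1730", "Fall 2020", "UTA"),
    RoleGrant("current_hta", "cs1730", "Fall 2020", "HTA"),
]


def is_hta_global(user, grants):
    """Flawed check: any HTA grant, past or present, counts for every course."""
    return any(g.user == user and g.role == "HTA" for g in grants)


def is_hta_scoped(user, course, semester, grants):
    """Scoped check: the HTA grant must match this exact course-semester."""
    return RoleGrant(user, course, semester, "HTA") in grants


def remove_hta(actor, target, course, semester, grants, scoped=True):
    """Return grants without target's HTA role, if actor is authorized."""
    if scoped:
        allowed = is_hta_scoped(actor, course, semester, grants)
    else:
        allowed = is_hta_global(actor, grants)
    if not allowed:
        raise PermissionError(f"{actor} is not HTA for {course} {semester}")
    revoked = RoleGrant(target, course, semester, "HTA")
    return [g for g in grants if g != revoked]
```

With `scoped=False` the former cs1950y HTA can remove the current cs1730 HTA; with the scoped check the same call raises `PermissionError`.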
