Disallow the removal of hubAdmin privileges in PATCH /orgs/{orgid}/users/{username} #627

Open
ewee33 opened this issue Jun 22, 2022 · 0 comments
ewee33 commented Jun 22, 2022

In the getAnyProblem() method for the PatchUsersRequest class, an improperly formatted check allows a hub admin's hubAdmin privilege to be revoked. This effectively allows an unprivileged user to be a member of the root org, which is unintentional. This is also inconsistent with the getAnyProblem() method for the PostPutUsersRequest class.

@ewee33 ewee33 self-assigned this Jun 22, 2022
@ewee33 ewee33 added the bug label Jun 22, 2022
ewee33 added a commit to ewee33/exchange-api that referenced this issue Jun 27, 2022
…/orgs/{orgid}/users/{username} to match the method in the POST route

Signed-off-by: Ethan Weaver <emw0022@mix.wvu.edu>
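
One way to keep the PATCH and POST/PUT checks from drifting apart, shown as an added example that is not the exchange-api source: merge the patch over the stored user and validate the resulting state with a single shared rule. This goes slightly beyond the issue by validating the merged record rather than the request body; `RootOrg`, `User`, `UserPatch` and all function names are hypothetical, and the root org id `"root"` is an assumption.

```scala
// Added illustration: a simplified model, not the exchange-api source.
// RootOrg, User, UserPatch and the function names are hypothetical.
object HubAdminInvariant {
  val RootOrg = "root" // assumed id of the root org

  // Stored user record (only the fields this rule needs).
  final case class User(org: String, name: String, admin: Boolean, hubAdmin: Boolean)

  // PATCH body: None means "leave this field unchanged".
  final case class UserPatch(admin: Option[Boolean] = None,
                             hubAdmin: Option[Boolean] = None)

  // The invariant, stated once on the resulting state so that every
  // route (POST, PUT, PATCH) enforces the same rule.
  def stateProblem(u: User): Option[String] =
    if (u.org == RootOrg && !u.hubAdmin)
      Some(s"user ${u.org}/${u.name} is in the root org and must keep hubAdmin")
    else None

  // Merge the patch over the stored record, then validate the result.
  def applyPatch(current: User, p: UserPatch): Either[String, User] = {
    val merged = current.copy(
      admin = p.admin.getOrElse(current.admin),
      hubAdmin = p.hubAdmin.getOrElse(current.hubAdmin))
    stateProblem(merged).toLeft(merged)
  }

  // POST/PUT carry the full record, so they validate it directly.
  def createOrReplace(u: User): Either[String, User] =
    stateProblem(u).toLeft(u)

  def main(args: Array[String]): Unit = {
    // Constructed sample data.
    val hubUser = User(RootOrg, "hub1", admin = false, hubAdmin = true)
    val orgUser = User("org1", "alice", admin = true, hubAdmin = false)

    // Case 1: PATCH tries to revoke hubAdmin from a root-org user.
    println(applyPatch(hubUser, UserPatch(hubAdmin = Some(false))))
    // Case 2: PATCH omits hubAdmin, so the stored value is kept.
    println(applyPatch(hubUser, UserPatch(admin = Some(true))))
    // Case 3: PATCH on a user outside the root org.
    println(applyPatch(orgUser, UserPatch(admin = Some(false))))
    // Case 4: PUT of a root-org user without hubAdmin hits the same rule.
    println(createOrReplace(hubUser.copy(hubAdmin = false)))
  }
}
```

Because the rule inspects the merged record, an omitted `hubAdmin` field (`None`) cannot be mistaken for `false`, and a root-org user can never be written back without the privilege regardless of which route made the change.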