Affects Version/s: 6.1.1 CE GA2, 6.1.10 EE GA1, 6.2.0 CE M2
Environment:Tomcat 7.0 + MySQL 5. 6.1.x Git ID: d526883be2770787b84b1d5bca560cc257054e78.
Tomcat 7.0 + MySQL 5. 6.2.x Git ID: 23e8e46a9e3221ae8e14609bacdb5b0da0d61fb0.
Any member of a site is able to access the Sites portlet in the control panel and, by clicking on the name of the site, view all of the settings in the Site Settings portlet.
1.) Add a user
2.) Add a site
3.) Assign the user to the new site
4.) Remove all roles from the new user
5.) Sign in as the new user
6.) Navigate to control panel
7.) Assert that Site Settings is not an available option on the control panel menu
7.) Click Sites
8.) Click Actions next to the new site
9.) Assert that Edit Settings is not an available option on the Actions menu
10.) Click on the name of the site
The page will load the Site Settings portlet. The Save and Cancel buttons will appear to be available, along with all the other Site Settings information, though the user will not be able to actually save any changes.