Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-25720

User can edit other users when he is only the Site Owner/Administrator of the organization

    Details

      Description

      Steps to reproduce:

      1. Create tow new users A and B
      2. Create a new organization with a site and assign both users as members
      3. Assign the Site Owner or Site Administrator role to user A
      4. Log in with user A and in control panel click on Users and Organizations
      5. Click on the organization to see the list of its members
      6. Click on user B to view his data
      7. Change anything and click save

      "Your request completed successfully."

      User A can edit user B's data even though he is only the admin/owner of the site but not the organization.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  7 years, 13 weeks, 5 days ago

                  Packages

                  Version Package
                  6.0.X EE
                  6.1.20 EE GA2
                  --Sprint 11/12
                  6.2.0 CE M2