[#JRA-11071] Should not allow a user to delete the last group with the global permission administrator

JIRA

Should not allow a user to delete the last group with the global permission administrator

Created: 07/Sep/06 08:09 PM Updated: 28/Dec/06 11:24 PM

Component/s:

User Management

Affects Version/s:

3.6.4

Fix Version/s:

3.7.2

Time Tracking:

Not Specified

Participants:	Dylan Etkin [Atlassian], Scott Farquhar [Atlassian] and Tim Pettersen [Atlassian]
Since last comment:	1 year, 36 weeks ago
Resolution Date:	28/Dec/06 11:24 PM
Labels:

Description

« Hide

We should not allow a user to delete the last group with the global permission administrator. We should also not allow the user delete this group if they are a member of it and they are not a member of another equivilent group. This probably needs to be spec'ed out a bit more so when doing this please grab someone and have a chat about this.

All

Comments

Work Log

Change History

Sort Order:

[ Permlink | « Hide ]

Scott Farquhar [Atlassian] added a comment - 15/Oct/06 07:17 AM

I believe that this is a regression, as you shouldn't be able to delete any group that you are a member of, and you shouldn't be able to remove yourself from the administration permission.

Although perhaps there is a new way in which it could happen?

[ Permlink | « Hide ]

Tim Pettersen [Atlassian] added a comment - 28/Dec/06 11:24 PM

The Group Browser will now show an error on the Confirm Delete page if a user tries to delete a group that is granting them administrator privileges if there is no other group that also grants them administrator privileges. We're still in discussion re: scott's comment as to whether or not a user should be able to delete a group that he or she is a member of, but the immediate issue (a user being able to remove their own administrator rights via the Group Browser) has been addressed.