  1. Jira Data Center
  2. JRASERVER-12912

CommentService validation methods do not check user's security level

Details

    Description

      The validateCommentUpdate(), hasPermissionToUpdate() and hasPermissionToDelete() methods on DefaultCommentService check the user's comment-related permissions but neglect to check whether the comment has a role/group security level that is viewable by the user attempting to delete the comment.
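
The missing check, sketched as an added example that is not Jira's own code: a permission-only decision beside one that also requires the comment's group/role level to be visible to the user. The `User` and `Comment` records, the permission strings and the sample users are all hypothetical stand-ins, not the DefaultCommentService API.

```java
import java.util.Set;

// Hypothetical model, not Jira's API: a comment may be restricted to a group or a role.
public class CommentVisibilityCheck {
    record User(String name, Set<String> groups, Set<String> roles, Set<String> permissions) {}
    record Comment(String author, String groupLevel, String roleLevel) {} // null = unrestricted

    // The gap described in the issue: only comment permissions are consulted.
    static boolean permissionOnly(User u, Comment c, String action) {
        return u.permissions().contains(action + "_ALL")
            || (u.permissions().contains(action + "_OWN") && u.name().equals(c.author()));
    }

    // Visibility check: the user must belong to the group or role the comment is restricted to.
    static boolean canSee(User u, Comment c) {
        if (c.groupLevel() != null && !u.groups().contains(c.groupLevel())) return false;
        if (c.roleLevel() != null && !u.roles().contains(c.roleLevel())) return false;
        return true;
    }

    // Hardened form: both checks must pass before an update or delete is allowed.
    static boolean permissionAndVisibility(User u, Comment c, String action) {
        return canSee(u, c) && permissionOnly(u, c, action);
    }

    public static void main(String[] args) {
        // Constructed sample data.
        User admin = new User("alice", Set.of("jira-administrators"), Set.of("Administrators"),
                              Set.of("DELETE_ALL", "EDIT_ALL"));
        User dev = new User("bob", Set.of("jira-developers"), Set.of("Developers"),
                            Set.of("DELETE_ALL", "EDIT_OWN"));
        Comment restricted = new Comment("alice", "jira-administrators", null);
        Comment open = new Comment("bob", null, null);

        for (User u : new User[] {admin, dev}) {
            for (Comment c : new Comment[] {restricted, open}) {
                System.out.printf("%s delete (author=%s, group=%s): permission-only=%b, with visibility=%b%n",
                    u.name(), c.author(), c.groupLevel(),
                    permissionOnly(u, c, "DELETE"), permissionAndVisibility(u, c, "DELETE"));
            }
        }
    }
}
```

The case to watch is the second user against the restricted comment: the permission-only check allows the delete even though the comment's group level excludes that user.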

          People

            dushan@atlassian.com Dushan Hanuska [Atlassian]
            tim@atlassian.com TimP

              Time Tracking

                Estimated: 3h (Original Estimate)
                Remaining: 0h (Remaining Estimate)
                Logged: 4h (Time Spent)