- Bug
- Resolution: Fixed
- Medium
- 5.15.2, 7.7.0
- 3
- Severity 2 - Major
- 3
Issue Summary
Removing a group from the Accounts > Groups page doesn't remove its references from the Project Permissions page and the Global permissions page.
Steps to Reproduce
1. Create a new group named "new_test_group".
2. Add a user to the group.
3. Add group access for "new_test_group" under the Global permissions page.
4. Add the group to the Project Permissions. The users from the group are able to access the project, as expected.
5. Remove the "new_test_group" group from the Accounts > Groups page.
6. The users are no longer able to access the project, as expected. However, "new_test_group" is still listed on the Project Permissions page, from which it should have been removed.
7. Clicking "new_test_group" throws an error because the group does not exist.
Expected Results
When the group is deleted from the Accounts > Groups page, it should also be removed from the Global permissions page and Project Permissions page.
Actual Results
The deleted group is still listed on the Global permissions page and Project Permissions page.
Workaround
Deleted groups that are still listed on the Global permissions page and Project Permissions page must be removed manually.
- is related to: BSERV-12661 Groups not removed under Project Settings and Global Permissions even when the External Directory is deleted completely (Gathering Interest)
This can be even worse.
If not all usages of the group are deleted:
8. Create group "new_test_group" (again)
9. Add user X to new group and apply to Project / Repo permission
Now user X has, besides the Project / Repo defined in 9., permissions which were defined earlier in the group's "first life" and not removed as mentioned in the workaround (and it is a mess to find all usages of the group!)... - I would rate this as a security issue!
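
An added example, not part of the original issue or its comments and not Atlassian code: a small audit that lists permission grants still naming a deleted group, which is what the manual workaround has to find, and reports what a re-created group of the same name would inherit. The grant inventory, its record shape, the project keys and the case-insensitive name matching are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed inventory. The (scope, group, permission) record shape and all
# values are assumptions for illustration, not Bitbucket's own data format.
EXISTING_GROUPS = {"stash-users", "developers"}
GRANTS = [
    ("global", "stash-users", "LICENSED_USER"),
    ("global", "new_test_group", "LICENSED_USER"),
    ("project:DEMO", "new_test_group", "PROJECT_WRITE"),
    ("project:DEMO", "developers", "PROJECT_READ"),
    ("project:OPS", "New_Test_Group", "PROJECT_ADMIN"),
]


def _key(name):
    # Assumption: group names are matched case-insensitively, so compare
    # on a normalised form to avoid missing a stale grant.
    return name.strip().casefold()


def orphaned_grants(existing_groups, grants):
    """Map each group name that no longer exists to the grants still naming it."""
    live = {_key(g) for g in existing_groups}
    stale = defaultdict(list)
    for scope, group, permission in grants:
        if _key(group) not in live:
            stale[_key(group)].append((scope, permission))
    return dict(stale)


def inherited_on_create(new_group, existing_groups, grants):
    """Grants a group created under this name would pick up immediately.

    An empty list means the name is clean; anything else is the reuse case
    from the comment above and should be removed before the group is created.
    """
    return orphaned_grants(existing_groups, grants).get(_key(new_group), [])


if __name__ == "__main__":
    stale = orphaned_grants(EXISTING_GROUPS, GRANTS)
    for group, entries in sorted(stale.items()):
        for scope, permission in entries:
            print(f"stale grant: group={group} scope={scope} permission={permission}")
```

Running the check before creating any group, and again after every group deletion, turns the reuse case into a reviewable list instead of a silent permission inheritance.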