-
Bug
-
Resolution: Duplicate
-
High
-
None
-
None
Description
Users can access Webdav if he belongs to group with exact name administrators:
- If user belongs to a group with the name as administrators and although this group does not have JIRA Administrators global permission, he still can access Webdav.
- If the group that user belongs to has JIRA Administrators global permission but is not named as administrators, then, he can not access Webdav.
Reproduce steps
- Remove administrators group out of JIRA Administrators global permission.
- Log in with user account that belong to this group, then this user can access Webdav.
- Rename administrators group to jira-system-administrators.
- Add JIRA Administrators global permission to this group.
- Log in with user account that belong to this group, then the user is unable to access Webdav.
- Rename the group back to administrators, then user can access Webdav.
Expected result
- Users belong to group that has JIRA Administrators global permission can access to Webdav regardless the group name.
- Users belong to group with the name as administrators and this group does not have JIRA Administrators global permission are not allowed to access Webdav.
- duplicates
-
-
- Closed
-