CommentService validation methods do not check user's security level

    • 3.09

      The validateCommentUpdate(), hasPermissionToUpdate() and hasPermissionToDelete() methods on DefaultCommentService check the user's comment-related permissions but neglect to check whether they have a role/group security level viewable by the user attempting to delete a comment.

              Assignee: Dushan Hanuska [Atlassian]
              Reporter: TimP
              Votes: 0
              Watchers: 0

                Created:
                Updated:
                Resolved:

                  Original Estimate: 3h
                  Remaining Estimate: 0h
                  Time Spent: 4h
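
The gap described in the issue above, shown as an added illustration that is not Jira's code or the fix that was shipped. It is a simplified model (Java 16+) in which every type, field and method body is hypothetical; only the names hasPermissionToUpdate and hasPermissionToDelete come from the report. It contrasts a permission-only check with one that also requires the caller to be able to see the comment's group or role level.

```java
import java.util.Set;

// Simplified model for illustration; none of these types are Jira's own classes.
public class CommentLevelCheckDemo {

    // A user with comment permissions plus group and project-role memberships.
    record User(String name, boolean canEditAll, boolean canDeleteAll,
                Set<String> groups, Set<String> roles) {}

    // A comment optionally restricted to one group or one role (null = unrestricted).
    record Comment(String body, String groupLevel, String roleLevel) {}

    // Permission-only check: the shape of the gap the issue describes.
    static boolean hasPermissionToDeleteUnchecked(User u, Comment c) {
        return u.canDeleteAll();
    }

    // True when the comment is unrestricted or the user is in its group/role level.
    static boolean canSeeComment(User u, Comment c) {
        if (c.groupLevel() != null && !u.groups().contains(c.groupLevel())) return false;
        if (c.roleLevel() != null && !u.roles().contains(c.roleLevel())) return false;
        return true;
    }

    // Checks that require both the permission and visibility of the security level.
    static boolean hasPermissionToDelete(User u, Comment c) {
        return u.canDeleteAll() && canSeeComment(u, c);
    }

    static boolean hasPermissionToUpdate(User u, Comment c) {
        return u.canEditAll() && canSeeComment(u, c);
    }

    public static void main(String[] args) {
        // Constructed sample data: both users hold the edit/delete permissions.
        User outsider = new User("outsider", true, true, Set.of("jira-users"), Set.of("Users"));
        User dev = new User("dev", true, true, Set.of("jira-developers"), Set.of("Developers"));
        Comment restricted = new Comment("internal note", "jira-developers", null);
        Comment open = new Comment("public note", null, null);

        System.out.println("unchecked delete, outsider/restricted: "
                + hasPermissionToDeleteUnchecked(outsider, restricted));
        System.out.println("checked delete, outsider/restricted:   "
                + hasPermissionToDelete(outsider, restricted));
        System.out.println("checked update, outsider/restricted:   "
                + hasPermissionToUpdate(outsider, restricted));
        System.out.println("checked delete, dev/restricted:        "
                + hasPermissionToDelete(dev, restricted));
        System.out.println("checked delete, outsider/open:         "
                + hasPermissionToDelete(outsider, open));
    }
}
```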