Posted by salvis on August 10, 2011 at 11:06pm
| Project: | RoleAssign |
| Version: | 7.x-1.0-rc1 |
| Component: | Miscellaneous |
| Category: | task |
| Priority: | critical |
| Assigned: | salvis |
| Status: | needs review |
Issue Summary
This issue serves to track progress porting 6.x-1.0 to Drupal 7.
Comments
#1
We have BETA1 of RoleAssign.
Please test this version and provide feedback, both good and bad:
IF this module works for you, please let us know by adding a note to THIS issue below.
IF YOU FIND A BUG, please check the issues queue, and if it hasn't been reported yet, then OPEN A NEW ISSUE!
PLEASE do NOT add bug reports / questions to this issue here.
#2
We have BETA2 of RoleAssign.
Prior versions of RoleAssign had (and other modules with similar functionality may still have) two vulnerabilities:
1. Users with the Administer users permission were able to manipulate and obtain access to the uid 1 account and other accounts having the Administer permissions permission, even if they were restricted by RoleAssign.
2. If they happened to also have the Administer modules permission, they were able to disable RoleAssign and thus obtain the ability to assign all roles.
BETA2 (as well as 6.x-1.x-dev) eliminates both of these vulnerabilities.
Please test this version and provide feedback, both good and bad:
IF this module works for you, please let us know by adding a note to THIS issue below.
IF YOU FIND A BUG, please check the issues queue, and if it hasn't been reported yet, then OPEN A NEW ISSUE!
PLEASE do NOT add bug reports / questions to this issue here.
#3
We have RC1 of RoleAssign.
RC1 has some clean-up work that should not result in any functional changes. Nonetheless, this is the last chance to provide feedback before the 1.0 release. We currently have 150 sites using the D7 version and no one has cared to post a comment yet...
Please test this version and provide feedback, both good and bad:
IF this module works for you, please let us know by adding a note to THIS issue below.
IF YOU FIND A BUG, please check the issues queue, and if it hasn't been reported yet, then OPEN A NEW ISSUE!
PLEASE do NOT add bug reports / questions to this issue here.
#4
Used RC1 on a production site and so far it seems fine. Thanks.
#5
Thank you, sjhuda!
Everyone please note #1356964: Hide the Administrator role selection in admin/config/people/accounts unless the user has the 'administer permissions'. Add your comments there if you want, not here, please!