Home » Download » Modules » Account Types » Issues

Moderators can use "Account Types" to become admins

sza - August 20, 2007 - 16:07
Project:Account Types
Version:5.x-1.1
Component:Code
Category:bug report
Priority:normal
Assigned:sza
Status:closed
Description

Users who has access to user module for administer users can simply modify account type of ANY user without limit. Even if they can't "view accounttypes" in accounttypes module.

» Login or register to post comments

#1

rconstantine - August 20, 2007 - 17:42

You're talking about the user_edit form, right? Looks like I need to change the permission from "administer users" to "administer access control". Thanks.

Login or register to post comments

#2

rconstantine - August 20, 2007 - 17:46
Status:active» fixed

Fixed it. Will be in next upload.

Login or register to post comments

#3

sza - August 20, 2007 - 18:22

You're talking about the user_edit form, right?

Yes.

Fixed it. Will be in next upload.

Ok.

Login or register to post comments

#4

Anonymous - September 5, 2007 - 07:11
Status:fixed» closed
Login or register to post comments
 
 

Drupal is a registered trademark of Dries Buytaert.