Update options field do not respect the permissions of the user module
Morn - October 26, 2009 - 11:21
| Project: | Advanced User |
| Version: | 6.x-2.3 |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | active |
Jump to:
Description
A role with only 'access advuser' permission can delete/Block an User even if the Permissions of the user Module do not allow him to administer users.
This happens only for the "update options" . The delete Action is ok (no delete allowed for this role)
Drupal Version 6.14
#1