pontomail admin block link access control broken
Chris Johnson - November 21, 2006 - 11:17
| Project: | Pontomail Webmail Client |
| Version: | 4.7.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Description
The admin block link for pontomail is displayed to anonymous users, even though they are configured to have NO access rights on my site. Worse, clicking on the link actually displays the admin settings for pontomail to those same anonymous users who shouldn't have any rights, much less admin rights!
Attached is a screen shot (GIF) showing an anonymous, no rights user view of the admin page.
| Attachment | Size |
|---|---|
| pontoadmin.gif | 12.91 KB |
