Details
-
Bug
-
Resolution: Fixed
-
Major
-
COmanage Registry 3.3.3 (Magic Ring MR3)
Description
A user who is the owner of a CoGroup and who has no other privileges (is NOT a CO admin, is NOT a COU admin, is NOT a platform admin) cannot filter on names when trying to manage group memberships and add somebody to a group.
An example is a POST sent to
https://registry-test.xsede.org/registry/co_group_members/search
with data (not including the token...)
data[CoGroupMember][co_id]: 2
data[CoGroupMember][cogroup]: 165
data[search][givenName]: Leslie
data[search][familyName]:
data[search][mail]:
data[search][identifier]:
data[search][status]:
data[search][members]: 0
data[search][owners]: 0
The result is a 302 and the flash set to "Persmission Denied".