Commit 678af160 authored by Leigh Stoller's avatar Leigh Stoller

Fix up permission check in projaccess. group root in main group allows

you to approve users to main group. Not allowed to "edit" the group
membership in the main group of course; the check was for both cases.
parent 0dd12dba
......@@ -293,8 +293,13 @@ function TBProjAccessCheck($uid, $pid, $gid, $access_type)
$access_type == $TB_PROJECT_CREATEEXPT) {
$mintrust = $TBDB_TRUST_LOCALROOT;
}
elseif ($access_type == $TB_PROJECT_ADDUSER ||
$access_type == $TB_PROJECT_EDITGROUP) {
elseif ($access_type == $TB_PROJECT_ADDUSER) {
#
# Allow delegation of approving users to group_root in main group.
#
$mintrust = $TBDB_TRUST_GROUPROOT;
}
elseif ($access_type == $TB_PROJECT_EDITGROUP) {
if (strcmp($gid, $pid) == 0) {
$mintrust = $TBDB_TRUST_PROJROOT;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment