Commit 7299df78 authored by Leigh B. Stoller's avatar Leigh B. Stoller

Minor fix to permission checks when creating a new group (confusion over

isadmin checks).
parent acb753a4
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2007 University of Utah and the Flux Group.
# Copyright (c) 2000-2008 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
......@@ -298,11 +298,10 @@ if (! $leader) {
#
# Verify leader. Any user can lead a group, but they must be a member of
# the project, and we have to avoid an ISADMIN() check in AccessCheck().
# the project.
#
my $proj_leader = $project->GetLeader();
if (!$leader->SameUser($proj_leader) ||
$leader->status() eq USERSTATUS_UNAPPROVED() ||
if ($leader->status() eq USERSTATUS_UNAPPROVED() ||
!$project->AccessCheck($leader, TB_PROJECT_LEADGROUP())) {
UserError("GroupLeader: $group_leader does not have enough permission ".
"to lead a group in project $group_pid!");
......
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2005, 2006, 2007 University of Utah and the Flux Group.
# Copyright (c) 2005, 2006, 2007, 2008 University of Utah and the Flux Group.
# All rights reserved.
#
package Group;
......@@ -706,9 +706,10 @@ sub AccessCheck($$$)
print "*** Invalid access type: $access_type!\n";
return 0;
}
# Admins do whatever they want.
# Admins do whatever they want. Treat leadgroup special though since
# the user has to actually be a member of the project, not just an admin.
return 1
if ($user->IsAdmin());
if ($user->IsAdmin() && $access_type != TB_PROJECT_LEADGROUP);
if ($access_type == TB_PROJECT_READINFO) {
$mintrust = PROJMEMBERTRUST_USER;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment