Ticket #2968 (new defect)
Anyone can access organization members page
| Reported by: | seanh | Owned by: | |
|---|---|---|---|
| Priority: | awaiting triage | Milestone: | ckan 2.0 |
| Component: | ckan | Keywords: | organizations |
| Cc: | Repository: | ckan | |
| Theme: | none |
Description
The button will not show if you are not authorized but browse to /organization/members/foo and you can edit the members, it does stop you when you try to save your changes, but you shouldn't be able to get to the page at all
Note: See
TracTickets for help on using
tickets.
This also applies to other pages such as /member_new and /member_delete