Ticket #2968 (new defect)

Opened 19 months ago

Last modified 19 months ago

Anyone can access organization members page

Reported by: seanh Owned by:
Priority: awaiting triage Milestone: ckan 2.0
Component: ckan Keywords: organizations
Cc: Repository: ckan
Theme: none


The button will not show if you are not authorized but browse to /organization/members/foo and you can edit the members, it does stop you when you try to save your changes, but you shouldn't be able to get to the page at all

Change History

comment:1 Changed 19 months ago by seanh

This also applies to other pages such as /member_new and /member_delete

Note: See TracTickets for help on using tickets.