Permissions bug in Admin area
|Reported by:||caphun||Owned by:||nobody|
|Severity:||Keywords:||admin, interface, permissions, users, groups, bug|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
If a user is given add/edit/delete permissions to user objects, the user is then able to create other users with greater permissions than itself, even promoting others to superuser status. Furthermore that user could also turn itself super by editing profile. Running off latest SVN version.