Details
-
Incident report
-
Status: Closed
-
Major
-
Resolution: Fixed
-
2.2.21rc1
-
Team C
-
Sprint 19, Sprint 21, Sprint 22
-
0.25
Description
Steps to reproduce:
1. Create admin user
2. Login as admin user and create action
3. Open dev tools (F12 - Network - Preserve log)
4. Select action in list and choose mass enable
5. Select actionconf.php in dev tools, copy from headers form data
6. Paste into url and change action id. For example action id=3 (default disabled action for superadmin)
Result: action status changed
Expected result: error something like "No permissions to referred object"
Thanks for report vjaceslavs
