bitdancer  committed c394e31

Fix security bug: Users were able to see hashed passwords of other users.

  • Participants
  • Parent commits 6d5ba69

Comments (0)

Files changed (2)

+*.swp'Coordinator', 'SB: May Classify')'Developer', 'SB: May Classify')
-# May users view other user information? Comment these lines out
-# if you don't want them to'User', 'View', 'user')'Developer', 'View', 'user')
+# Allow Users and Developers to view most user properties.
+p ='View', klass='user',
+   properties=('username', 'address', 'realname', 'phone',
+         'organisation', 'alternate_addresses', 'timezone'))'User', p)'Developer', p)
+# Coordinator may view all user properties.'Coordinator', 'View', 'user')
 # Allow Coordinator to edit any user, including their roles.