User with trac admin rights on a project can modify members for all projects repositories
|Reported by:||Owned by:||Ryan J Ollos|
- a user has TRAC_ADMIN rights on project1
- the user browses project1 and project2
- the user project1 svnauthz page see/update project1 and project2 rights !
When looking at the admin_ui module, project_repos is a class attribute not an instance attribute so isolation between projects is broken.
Note: See TracTickets for help on using tickets.