Description
Role permissions are not enforced correctly. Admin users are able to remove the Owner, and Owners can remove themselves without transferring ownership to another user first.
What is the expected behaviour?
- Admins should be able to remove other admins and members, but should not be able to remove the Owner.
- Owners should be able to remove other users.
- Owners should not be able to remove themselves unless ownership has been transferred to another user.
What is the current behaviour?
- Admin users are able to remove the Owner.
- Owners are able to remove themselves without transferring ownership.
How to reproduce the issue?
- Log in as the Admin user.
- Navigate to Team and attempt to remove the Owner.
- Notice that the Owner can be removed.
- Log in as the Owner.
- Navigate to Team and attempt to remove yourself without transferring ownership.
- Notice that the Owner can remove themselves without any ownership transfer.
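
The expected behaviour listed above can be written as a server-side check that runs before any removal. This is an added example, not the project's own code. The `Role` enum, the `team` dict and the function names are hypothetical, and two rules are assumptions the report does not state: plain members cannot remove anyone, and a former Owner becomes an Admin after a transfer.

```python
from enum import Enum


class Role(Enum):
    OWNER = "owner"
    ADMIN = "admin"
    MEMBER = "member"


class RemovalDenied(PermissionError):
    """Raised when the actor's role does not permit the requested change."""


def authorize_removal(team: dict, actor_id: str, target_id: str) -> None:
    """Raise RemovalDenied unless actor may remove target. team maps user id -> Role."""
    actor, target = team.get(actor_id), team.get(target_id)
    if actor is None or target is None:
        raise RemovalDenied("actor and target must both belong to the team")
    if target is Role.OWNER:
        # Covers both reported cases: an Admin removing the Owner and the
        # Owner removing themselves. After a transfer the former Owner no
        # longer holds Role.OWNER, so this rule stops applying to them.
        raise RemovalDenied("the Owner cannot be removed; transfer ownership first")
    if actor in (Role.OWNER, Role.ADMIN):
        return  # target is an Admin or Member at this point
    # Assumption: the report does not say what plain members may do.
    raise RemovalDenied("members cannot remove users")


def transfer_ownership(team: dict, actor_id: str, new_owner_id: str) -> None:
    """Hand the Owner role to another existing team member."""
    if team.get(actor_id) is not Role.OWNER:
        raise RemovalDenied("only the Owner can transfer ownership")
    if new_owner_id not in team or new_owner_id == actor_id:
        raise RemovalDenied("new owner must be a different team member")
    team[new_owner_id] = Role.OWNER
    team[actor_id] = Role.ADMIN  # assumption: former Owner is demoted to Admin


def remove_member(team: dict, actor_id: str, target_id: str) -> None:
    """Check authorization on the server, then perform the removal."""
    authorize_removal(team, actor_id, target_id)
    del team[target_id]
```

Running the check inside `remove_member` rather than only hiding the button in the Team page means a direct API request is held to the same rules.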