Actions
Bug #4034
closedAutoConfigBackup - user-config-readonly priv still does backup
Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
AutoConfigBackup
Target version:
-
Start date:
11/22/2014
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:
Description
A user with the priv user-config-readonly cannot change the config. This is handled correctly in write_config().
But AutoConfigBackup still makes a backup each time that read-only user presses Save somewhere. Thus a read-only webGUI user can quickly generate loads of backups when they are moving around looking and learning. That can mean interesting backup history is lost from the normal 100 backups that are retained on the server.
It would be nice if AutoConfigBackup also checked for user-config-readonly priv before making the backup.
Actions