a bug in access control

[nic.ha...@gmail.com]

there is a bug in access control system using ACL. autorization and access control will not implemented on user log in and save in a way that user with any access, will have same access of previous login.

I have two users with diffirent access. for example one with full access named "Uber admin" and another with less access named "analyst". 

when I log on with "Uber admin" then I log out, then I log on with "analyst", analyst user will have the same access of pervious user, it means analyst will have full access.

vice versa if I logon with analyst then I log out and log in with "Uber admin" I will have access of pervious user, it means Uberadmin will have less access such as analyst user. 

I examined this problem with diffrent browsers and diffrent systems, problem persists!  when log in another system with the user with wrong access , user still have wrong access. 

Just when I restart CRITs server access controls will return to accurate ACL.

so access control of a user isn't associated to Username, session and IP address, why this problem appears and what is the solution ?

[Michael Goffin]

This sounds familiar, something that I thought we had fixed a while back. Would you mind submitting an issue on Github so we can all talk about it and see if we can narrow down the issue and resolve it?

Thanks!

--
You received this message because you are subscribed to the Google Groups "crits-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to crits-users+unsubscribe@googlegroups.com.
To post to this group, send email to crits...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/crits-users/5bb3026b-3bdd-4136-986a-59656dd5bef0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[nic.ha...@gmail.com]

Thanks mike! as you said I submitted an issue.