Bug #20
closed
The application allows an administrator to remove permission-management privileges from all roles, including their own. This results in a complete administrative lockout where no user retains the ability to manage roles or permissions. There is no fallback or recovery mechanism, making the system partially unusable.
Steps to Reproduce:
1. Log in as an administrator.
2. Navigate to the Roles & Permissions section.
3. Edit the admin role (or any role with permission-management privileges).
4. Remove the permission responsible for managing roles/permissions.
5. Save the changes.
6. Ensure no other role/user retains this permission.
Expected Result
The system should prevent removal of critical permission-management rights if it results in no user having administrative control. Alternatively, a protected/super-admin role should retain these permissions.
Actual Result
All permission-management capabilities are removed from every role. No user can:
- Assign roles
- Modify permissions
- Restore access
This leads to a permanent administrative lockout unless manual backend/database intervention is performed.
- Status changed from Resolved to Closed
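
One way to enforce the first option under Expected Result, as an added example (not the application's own code): simulate the role edit and reject it when no active user would still hold the permission-management right. The permission name `manage_roles_permissions`, the data model and the function names are assumptions, and the sample roles and users are constructed.

```python
from dataclasses import dataclass

MANAGE = "manage_roles_permissions"  # hypothetical permission name

class LockoutError(Exception):
    """Raised when a change would leave nobody able to manage permissions."""

@dataclass
class User:
    name: str
    roles: set
    active: bool = True

def holders(role_perms, users, perm=MANAGE):
    """Active users who hold `perm` through at least one assigned role."""
    return {u.name for u in users
            if u.active and any(perm in role_perms.get(r, set()) for r in u.roles)}

def update_role(role_perms, users, role, new_perms, perm=MANAGE):
    """Return the updated role->permissions map, or raise on lockout."""
    proposed = {r: set(p) for r, p in role_perms.items()}  # work on a copy
    proposed[role] = set(new_perms)
    # Count users, not roles: a role that still carries the permission but has
    # no active member cannot restore access. Only block the edit that removes
    # the last holder, so a system that is already locked out can be repaired.
    if holders(role_perms, users, perm) and not holders(proposed, users, perm):
        raise LockoutError(f"update to {role!r} rejected: no active user would retain {perm!r}")
    return proposed

# Constructed sample data
ROLES = {
    "admin": {MANAGE, "edit_content"},
    "auditor": {MANAGE, "view_logs"},  # has the permission, but no active member
    "editor": {"edit_content"},
}
USERS = [
    User("alice", {"admin"}),
    User("bob", {"editor"}),
    User("carol", {"auditor"}, active=False),
]

if __name__ == "__main__":
    try:
        update_role(ROLES, USERS, "admin", {"edit_content"})
    except LockoutError as err:
        print(err)
```

The same check has to run when a user is deactivated or loses a role, since those changes can also remove the last holder.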