sharezone-app icon indicating copy to clipboard operation
sharezone-app copied to clipboard

Published 20 hours ago verified publisher icon SharezoneApp

User can delete/edit their own homework even if they don't have the permission to.

Open Jonas-Sander opened this issue 10 months ago • 0 comments

Describe the bug

A user can delete a homework that he created even after loosing the permissions to.

Steps to reproduce the bug

  1. Create user "student"
  2. Create user "teacher"
  3. "teacher" creates a course named "maths"
  4. "teacher" creates a homework named "Foo teacher".
  5. "student" creates a homework named "Bar student".
  6. "teacher" changes the permissions of the course to "only admins" (only admins can create/edit/delete)
  7. "student" tries to edit/delete "Foo teacher" --> He can't, no option for deletion or editing is shown.
  8. "student" tries to edit/delete "Bar student"

Current broken behavior

The student can edit or delete the "Bar student" homework even though he doesn't have the permissions to anymore.

Expected behavior

The student should not be able to edit the homework.

Screenshots, videos or logs

https://storage.googleapis.com/sharezone-archive/GitHub_Resources/permissions_bug_github_1110.mp4

Tested device

  • Device: PC
  • OS: Windows 11
  • App type: Web
  • App version: 1.7.8

Additional context

Possible solution

Jonas-Sander avatar Oct 04 '23 17:10 Jonas-Sander