Defect #1276
It is possible to lock out the last admin account
| Status: | Closed | Start: | 2008-05-21 | |
| Priority: | Normal | Due date: | ||
| Assigned to: | - | % Done: | 0% |
|
| Category: | Administration | |||
| Target version: | 0.7.2 | |||
| Affected version: | 0.7.1 |
Resolution: | Fixed |
|
Description
An admin user can go in to the user settings and lock all admin accounts. When they lock their own account, it immediately logs you off, forcing you to log back in. If you've locked all the admin accounts, then you can't get an admin user back.
It would be good to stop a user from either
- Locking their own account (this should be done by another admin)
- Making themselves a non-administrator
This would prevent users from locking the last admin account or inadvertently doing this by removing themselves from the admin list (as they may be the last admin account)
- redmine-0.7.1
- svn-1.4.6 (over http)
- ruby-1.8.6
- rails-2.0.2
- sqlite3-3.5.8
- mongrel-1.1.4
Associated revisions
Prevent admin users from locking their own account (#1276).
Prevent admin users from making themselves non-administrator (#1276).
History
2008-05-21 11:54 - Russell Hind
This is posted in relation to http://www.redmine.org/boards/2/topics/show/934