Able to edit global configuration as non-admin user

Description

Noticed that if you navigate to {BITBUCKET_URL}/plugins/servlet/yaccHook/config, any user is able to edit the configuration. When clicking save, it does throw an error, but the configuration will still save.

Solution:

  • Use the UserManager to check if the user is admin or systemadmin
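
The check the solution describes, as an added example (not the plugin's own code): a servlet that authorizes with SAL's `UserManager` before any write, so a rejected request cannot still save. The class name, settings key, `config` form field and the use of `PluginSettingsFactory` for storage are assumptions.

```java
import com.atlassian.sal.api.pluginsettings.PluginSettingsFactory;
import com.atlassian.sal.api.user.UserKey;
import com.atlassian.sal.api.user.UserManager;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

// Hypothetical servlet: class name, settings key and form field are assumptions.
public class GlobalConfigServlet extends HttpServlet {
    private static final String SETTINGS_KEY = "example.global.config"; // placeholder
    private final UserManager userManager;
    private final PluginSettingsFactory settingsFactory;

    public GlobalConfigServlet(UserManager um, PluginSettingsFactory psf) {
        this.userManager = um;
        this.settingsFactory = psf;
    }

    // True only for an authenticated user who is admin or system admin.
    private boolean isAdmin(HttpServletRequest req) {
        UserKey user = userManager.getRemoteUserKey(req); // null when anonymous
        return user != null
                && (userManager.isAdmin(user) || userManager.isSystemAdmin(user));
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Authorize before touching storage so a rejected request writes nothing.
        // The same gate belongs in doGet, which renders the configuration form.
        if (!isAdmin(req)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        String value = req.getParameter("config"); // hypothetical form field
        if (value == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        settingsFactory.createGlobalSettings().put(SETTINGS_KEY, value);
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}
```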

Environment

None

Assignee

Rytis Tarasevicius

Reporter

Mohammed Davoodi

Sprint

None

Labels

Priority

High