Users with the "Manage Roles" permission should not be able to change the per-channel permissions of other users with the same role or higher

Comments

2 comments

  • wiresegal

    Bumping this; privilege escalation is definitely not a thing which should be allowed. Manage Channel should give this permission, not Manage Roles, because you can give yourself Manage Channel for that channel with this exploit.

    1
  • poisonedwaters

    I agree. I would like to see the permissions be more granular.

    0

Please sign in to leave a comment.