From 1d21d4f85d34913209d2b765c87b352e788f62dd Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Wed, 3 Jul 2024 10:46:52 -0500
Subject: gn-auth: Privilege escalation bug - Close as fixed.

---
 issues/gn-auth/problems-with-roles.gmi | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/issues/gn-auth/problems-with-roles.gmi b/issues/gn-auth/problems-with-roles.gmi
index e1f49e0..2778b61 100644
--- a/issues/gn-auth/problems-with-roles.gmi
+++ b/issues/gn-auth/problems-with-roles.gmi
@@ -3,9 +3,9 @@
 ## Tags
 
 * type: bug
-* status: open
 * priority: critical
 * assigned: fredm, zachs
+* status: closed, completed, fixed
 * keywords: gn-auth, authorisation, authorization, roles, privileges
 
 ## Description
@@ -29,8 +29,8 @@ The implementation should instead, tie the roles to the specific resource, rathe
 * [x] migration: Add `resource:role:[create|delete|edit]-role` privileges to `resource-owner` role
 * [x] migration: Create new `resource_roles` db table linking each resource to roles that can act on it, and the user that created the role
 * [x] migration: Drop table `group_roles` deleting all data in the table: data here could already have privilege escalation in place
-* [ ] Create a new "Roles" section on the "Resource-View" page, or a separate "Resource-Roles" page to handle the management of that resource's roles
-* [ ] Ensure user can only assign roles they have created - maybe?
+* [x] Create a new "Roles" section on the "Resource-View" page, or a separate "Resource-Roles" page to handle the management of that resource's roles
+* [x] Ensure user can only assign roles they have created - maybe?
 
 ### Fixes
 
-- 
cgit v1.2.3