User switching: Privilege escalation too restrictive

Steps to reproduce

Steps to reproduce:
1. Create user Alice that has organisation administrator privileges and ROLE_SUDO
2. Create user Bob that also has organisation administrator privileges
3. Try to perform an request as Alice using user switchting to Bob

Actual Results:
An unauthorized request is trying to switch to an admin user, from 'Alice' to 'Bob'

Expected Results:
Since Alice has organization administrator privileges and ROLE_SUDO, Alice should be allowed to switch to other users that have organization administrator privileges - this is not a privilege escalation since Alice does have the required privileges

Workaround (if any):
None

Status

Assignee

Sven Stauber

Reporter

Sven Stauber

Severity

Incorrectly Functioning Without Workaround

Tags (folksonomy)

None

Components

Fix versions

Affects versions

Priority

Minor
Configure