Index: trunk/dns.cgi
===================================================================
--- trunk/dns.cgi	(revision 180)
+++ trunk/dns.cgi	(revision 181)
@@ -1167,4 +1167,5 @@
 	changepage(page => "useradmin", errmsg => "You do not have permission to add new users")
 		unless $permissions{admin} || $permissions{user_create};
+	# no scope check;  user is created in the current group
         ($code,$msg) = addUser($dbh, $webvar{uname}, $curgroup, $webvar{pass1},
 		($webvar{makeactive} eq 'on' ? 1 : 0), $webvar{accttype}, $permstring,
@@ -1175,4 +1176,8 @@
 	changepage(page => "useradmin", errmsg => "You do not have permission to edit users")
 		unless $permissions{admin} || $permissions{user_edit};
+	# security check - does the user have permission to access this entity?
+	if (!check_scope(id => $webvar{user}, type => 'user')) {
+	  changepage(page => "useradmin", errmsg => "You do not have permission to edit the requested user");
+	}
 # User update is icky.  I'd really like to do this in one atomic
 # operation, but that would duplicate a **lot** of code in DNSDB.pm
@@ -1230,4 +1235,9 @@
 	unless $permissions{admin} || $permissions{user_edit};
 
+    # security check - does the user have permission to access this entity?
+    if (!check_scope(id => $webvar{user}, type => 'user')) {
+      changepage(page => "useradmin", errmsg => "You do not have permission to edit the requested user");
+    }
+
     $page->param(set_permgroup => 1);
     $page->param(action => 'update');
@@ -1267,4 +1277,9 @@
   changepage(page=> "useradmin", errmsg => "You are not allowed to delete users")
 	unless $permissions{admin} || $permissions{user_delete};
+
+  # security check - does the user have permission to access this entity?
+  if (!check_scope(id => $webvar{id}, type => 'user')) {
+    changepage(page => "useradmin", errmsg => "You are not permitted to delete the requested user");
+  }
 
   $page->param(id => $webvar{id});