View Revisions: Issue #34491 | ||
Summary | 0034491: Review access for DeleteImageActionHandler class | ||
Revision | 2016-11-14 17:50 by caristu | ||
Steps To Reproduce | In description | ||
Revision | 2016-11-14 17:50 by caristu | ||
Description | It is possible to delete images different from the most recently added one if they are accessible by the client and organization of the login context. | ||
Revision | 2016-11-14 13:47 by caristu | ||
Steps To Reproduce | 0) In the database, launch the following query: select * from ad_image where ad_image_id ='77C306D7747D4664B94EF6951BF1BB06' Notice that one record exists. It is introduced with the F&B sample data. 1) Log in to Openbravo with the F&B International Group Admin Role. 2) Launch a curl request similar to the attached one. Notice that it is making a request to the DeleteImageActionHandler providing the id of the image mentioned in step 0). 3) Launch the same query done in step 0). Notice that the image has been deleted. | ||
Revision | 2016-11-14 13:31 by caristu | ||
Description | With just a valid login, it is possible to delete any image accessible by the client and organization of the login context. | ||
Revision | 2016-11-14 13:30 by caristu | ||
Description | With just a valid login, it is possible to delete any image accessible by the client and organization of the login context. | ||
Revision | 2016-11-14 13:30 by caristu | ||
Steps To Reproduce | 0) In the database, launch the following query: select * from ad_image where ad_image_id ='77C306D7747D4664B94EF6951BF1BB06' Notice that one record exists. It is introduced with the F&B sample data. 1) Log in to Openbravo with the F&B International Group Admin Role. 2) Launch a curl request similar to the one attached. Notice that it is making a request to the DeleteImageActionHandler providing the id of the image mentioned in step 0). 3) Launch the same query done in step 0). Notice that the image has been deleted. | ||
Revision | 2016-11-14 13:24 by caristu | ||
Steps To Reproduce | 1) Log in to Openbravo with the F&B International Group Admin Role. 2) Launch a curl request similar to the one attached. Notice that it is making a request to the DeleteImageActionHandler providing the id of an image which belongs to the current context organization. | ||