
View Revisions: Issue #34491
Summary 0034491: Review access for DeleteImageActionHandler class
Revision 2016-11-14 17:50 by caristu
Steps To Reproduce In description
Revision 2016-11-14 17:50 by caristu
Description It is possible to delete images other than the most recently added one if they are accessible by the client and organization of the login context.
Revision 2016-11-14 13:47 by caristu
Steps To Reproduce 0) In the database, launch the following query:

select * from ad_image where ad_image_id ='77C306D7747D4664B94EF6951BF1BB06'

Notice that one record exists. It is introduced with the F&B sample data.

1) Log in to Openbravo with the F&B International Group Admin role

2) Launch a curl request similar to the attached one. Notice that it is making a request to the DeleteImageActionHandler providing the id of the image mentioned in step 0)

3) Launch the same query done in step 0). Notice that the image has been deleted.
Revision 2016-11-14 13:31 by caristu
Description With just a valid login, it is possible to delete any image accessible by the client and organization of the login context.
Revision 2016-11-14 13:30 by caristu
Description With just a valid login, it is possible to delete any image accessible by the client and organization of the login context.

Revision 2016-11-14 13:30 by caristu
Steps To Reproduce 0) In the database, launch the following query:

select * from ad_image where ad_image_id ='77C306D7747D4664B94EF6951BF1BB06'

Notice that one record exists. It is introduced with the F&B sample data.

1) Log in to Openbravo with the F&B International Group Admin role

2) Launch a curl request similar to the one attached. Notice that it is making a request to the DeleteImageActionHandler providing the id of the image mentioned in step 0)

3) Launch the same query done in step 0). Notice that the image has been deleted.
Revision 2016-11-14 13:24 by caristu
Steps To Reproduce 1) Log in to Openbravo with the F&B International Group Admin role
2) Launch a curl request similar to the one attached. Notice that it is making a request to the DeleteImageActionHandler providing the id of an image which belongs to the current context organization.

