View Revisions: Issue #54921
Summary 0054921: User actions defined in standalone infrastructure modules cannot be securized
Revision 2024-06-17 16:58 by eugen_hamuraru
Steps To Reproduce
0) In a POS2 environment, install the org.openbravo.authentication.webauthn module. This is an "infrastructure module".
1) Go to the [Role] window, select a role
2) Go to the [User Action Access] subtab and create a new record
   - User Action: "Register User"
   - active: false
3) Log in to the backoffice as System Administrator and, in the Authentication Provider Configuration window, create a new record (type: "Web Authentication", Application: "Sales Touchpoint", Authentication Flow: "Login and Approvals")
4) Log in to the POS with the role selected in step 1)
5) Click on the user button at the top-right part of the window. In the popup that opens, note that the "WebAuthn Register" button is available (not disabled) although we should not have access to the "Register User" user action that this button triggers.
Revision 2024-06-14 14:20 by eugen_hamuraru
Steps To Reproduce
0) In a POS2 environment, install the org.openbravo.authentication.webauthn module. This is an "infrastructure module".
1) Go to the [Role] window, select a role
2) Go to the [User Action Access] subtab and create a new record
   - User Action: "Register User"
   - active: false
3) Log in to the POS with the role selected in step 1)
4) Click on the user button at the top-right part of the window. In the popup that opens, note that the "WebAuthn Register" button is available (not disabled) although we should not have access to the "Register User" user action that this button triggers.
Revision 2024-03-12 11:01 by caristu
Description User actions defined in standalone infrastructure modules cannot be securized.
Revision 2024-03-12 11:01 by caristu
Description User actions defined in infrastructure modules cannot be securized. This is because infrastructure modules are not being taken into account here[1].

[1] https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/blob/master/src/org/openbravo/core2/login/GrantedUserActionsProvider.java?ref_type=heads#L100