Openbravo Issue Tracking System - Openbravo ERP |
View Issue Details |
|
ID | Project | Category | View Status | Date Submitted | Last Update |
0023518 | Openbravo ERP | C. Security | public | 2013-04-09 17:21 | 2013-04-30 12:14 |
|
Reporter | alostale | |
Assigned To | alostale | |
Priority | urgent | Severity | minor | Reproducibility | N/A |
Status | closed | Resolution | fixed | |
Platform | | OS | 5 | OS Version | |
Product Version | | |
Target Version | 3.0MP23 | Fixed in Version | 3.0MP23 | |
Merge Request Status | |
Review Assigned To | AugustoMauch |
OBNetwork customer | |
Web browser | |
Modules | Core |
Support ticket | |
Regression level | |
Regression date | |
Regression introduced in release | |
Regression introduced by commit | |
Triggers an Emergency Pack | No |
|
Summary | 0023518: Restrict Access to Portal sessions |
Description | Portal sessions should have limited access to:
- Web Services: JSON and XML web services shouldn't be accessible to portal sessions
- ActionHandlers: only the ones that are explicitly set to be accessible by portal should be executable
- Datasources: only the ones that are explicitly set to be accessible by portal should be executable. Especially the default one used to retrieve grid data shouldn't be accessible
- Query List widget datasources: They should be accessible |
Steps To Reproduce | - |
Proposed Solution | |
Additional Information | |
Tags | No tags attached. |
Relationships | related to | design defect | 0023520 | 3.0MP23 | closed | alostale | Restrict access to query list widgets |
|
Attached Files | |
|
Issue History |
Date Modified | Username | Field | Change |
2013-04-09 17:21 | alostale | New Issue | |
2013-04-09 17:21 | alostale | Assigned To | => alostale |
2013-04-09 17:21 | alostale | Modules | => Core |
2013-04-09 17:21 | alostale | Triggers an Emergency Pack | => No |
2013-04-09 17:34 | alostale | Review Assigned To | => AugustoMauch |
2013-04-09 17:50 | alostale | Relationship added | related to 0023520 |
2013-04-15 13:49 | hgbot | Checkin | |
2013-04-15 13:49 | hgbot | Note Added: 0057898 | |
2013-04-15 13:49 | hgbot | Status | new => resolved |
2013-04-15 13:49 | hgbot | Resolution | open => fixed |
2013-04-15 13:49 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/46bf40360c734a9a94b4e8f9b8e25070bc241222 |
2013-04-15 13:50 | hgbot | Checkin | |
2013-04-15 13:50 | hgbot | Note Added: 0057900 | |
2013-04-16 19:18 | hudsonbot | Checkin | |
2013-04-16 19:18 | hudsonbot | Note Added: 0057975 | |
2013-04-16 19:18 | hudsonbot | Checkin | |
2013-04-16 19:18 | hudsonbot | Note Added: 0057977 | |
2013-04-30 12:12 | AugustoMauch | Note Added: 0058343 | |
2013-04-30 12:12 | AugustoMauch | Status | resolved => closed |
2013-04-30 12:14 | AugustoMauch | Fixed in Version | => 3.0MP23 |
Notes |
|
(0057898)
|
hgbot
|
2013-04-15 13:49
|
|
Repository: erp/devel/pi
Changeset: 46bf40360c734a9a94b4e8f9b8e25070bc241222
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Tue Apr 09 17:45:00 2013 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/46bf40360c734a9a94b4e8f9b8e25070bc241222
fixed issue 23518: Restrict Access to Portal sessions
- Web Services: JSON and XML web services shouldn't be accessible to portal sessions
- ActionHandlers: only the ones that are explicitly set to be accessible by portal should be executable
- Datasources: only the ones that are explicitly set to be accessible by portal should be executable. Especially the default one used to retrieve grid data shouldn't be accessible
- Query List widget datasources: They should be accessible
---
M modules/org.openbravo.client.application/src/org/openbravo/client/application/AlertActionHandler.java
M modules/org.openbravo.client.application/src/org/openbravo/client/application/HeartBeatPopupActionHandler.java
M modules/org.openbravo.client.application/src/org/openbravo/client/application/LogOutActionHandler.java
M modules/org.openbravo.client.application/src/org/openbravo/client/application/ParametersActionHandler.java
M modules/org.openbravo.client.application/src/org/openbravo/client/application/StorePropertyActionHandler.java
M modules/org.openbravo.client.application/src/org/openbravo/client/application/navigationbarcomponents/UserInfoWidgetActionHandler.java
M modules/org.openbravo.client.application/src/org/openbravo/client/application/window/ImagesActionHandler.java
M modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/KernelServlet.java
M modules/org.openbravo.client.myob/src/org/openbravo/client/myob/MyOpenbravoActionHandler.java
M modules/org.openbravo.client.querylist/src/org/openbravo/client/querylist/QueryListDataSource.java
M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceServlet.java
M modules/org.openbravo.service.json/src/org/openbravo/service/json/JsonRestServlet.java
M src/org/openbravo/dal/core/OBContext.java
M src/org/openbravo/service/web/BaseWebServiceServlet.java
---
|
|
|
(0057900)
|
hgbot
|
2013-04-15 13:50
|
|
|
Code reviewed and verified in pi@a7efc1231554 |
|