[jira] [Commented] (OFBIZ-13130) Add permission check for view-maps and change defaults for request-maps

ASF subversion and git services (Jira) Fri, 23 Aug 2024 07:46:53 -0700


    [ 
https://issues.apache.org/jira/browse/OFBIZ-13130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17876285#comment-17876285
 ]


ASF subversion and git services commented on OFBIZ-13130:
---------------------------------------------------------

Commit 9fe40f8cba8399afdfa41e8c9fd0ec61a569f2b5 in ofbiz-framework's branch 
refs/heads/trunk from Sebastian Tschikin
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=9fe40f8cba ]

Improved: Add permission check for view-maps and change defaults for 
request-maps (OFBIZ-13130) (#831)

* [Improved]: Add permission check for view-maps and change defaults for
request-maps [(OFBIZ-13130)]

Adds an auth parameter to view-maps. The parameter is used in renderView
and initializes a security check.

* [Improved]: Add permission check for view-maps and change defaults for
request-maps [(OFBIZ-13130)]

Changes the defaults of the request-map parameters auth and https to
true.

* [Improved]: Add permission check for view-maps and change defaults for
request-maps [(OFBIZ-13130)]

Adds missing request- and view-map parameters in framework to restore
the original functionality.

* [Improved]: Add permission check for view-maps and change defaults for
request-maps [(OFBIZ-13130)]

Adds missing view-map parameter in applications/accounting to restore
the original functionality.

* [Improved]: Add permission check for view-maps and change defaults for
request-maps [(OFBIZ-13130)]

Adds missing request-map parameter in applications/content to restore
the original functionality.

* [Improved]: Add permission check for view-maps and change defaults for
request-maps [(OFBIZ-13130)]

Adds missing request- and view-map parameters in framework to restore
the original functionality.

* [Improved]: Add permission check for view-maps and change defaults for
request-maps [(OFBIZ-13130)]

Adds missing request- and view-map parameters in applications/product to
restore the original functionality.

* [Improved]: Add permission check for view-maps and change defaults for
request-maps [(OFBIZ-13130)]

Adds missing request-map parameter in applications/workeffort to restore
the original functionality.

> Add permission check for view-maps and change defaults for request-maps
> -----------------------------------------------------------------------
>
>                 Key: OFBIZ-13130
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-13130
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: ALL APPLICATIONS, ALL COMPONENTS, ALL PLUGINS
>    Affects Versions: 18.12.15
>            Reporter: Sebastian Tschikin
>            Assignee: Sebastian Tschikin
>            Priority: Major
>             Fix For: 18.12.16
>
>
> If a user is not authorized, the system should not allow access to rendered 
> views.
> Additionally, the default for the request-map paramerters "auth" and "https" 
> should be set to "true".
> This improvement aims to enhance security by preventing unauthorized access.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (OFBIZ-13130) Add permission check for view-maps and change defaults for request-maps

Reply via email to