Changeset 7010


Ignore:
Timestamp:
Nov 12, 2015, 8:57:11 AM (6 years ago)
Author:
Nicklas Nordborg
Message:

References #1965: Users can access reporter information even if their role permissions is set to DENIED

Adding permission filter to dynamic reporter query.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/3.6-stable/src/core/net/sf/basedb/core/Reporter.java

    r7008 r7010  
    242242  public static DynamicReporterQuery getDynamicQuery()
    243243  {
    244     return new DynamicReporterQuery();
     244    DynamicReporterQuery query = new DynamicReporterQuery();
     245    // We only allow reporters if there is an excplicit READ permission
     246    query.restrictPermanent(new PermissionRestriction(Permission.READ, Item.REPORTER));
     247    return query;
    245248  }
    246249 
Note: See TracChangeset for help on using the changeset viewer.