dolibarr-bugtrack

[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Dolibarr-bugtrack] [Bug #1894] User permissions are bypassed on webserv

From:	Doliforge
Subject:	[Dolibarr-bugtrack] [Bug #1894] User permissions are bypassed on webservices
Date:	Tue, 03 Mar 2015 15:06:01 +0100

Doliforge

Ce message ne s'affiche pas correctement?
mettez à jour vos préférences utilisateur.

Dolibarr ERP & CRM » Bugs » bug #1894

User permissions are bypassed on webservices

État

Détails
Last Modified On:	03/03/2015 15:06		Submitted by:	Raphaël Doursenaud (rdoursenaud)
Submitted on:	03/03/2015 15:06
Summary:	User permissions are bypassed on webservices
Description:	Webservices requires a user authentication yet user permissions are not enforced on requests and the user may request otherwise restricted informations. Basic user permissions (Read / Write) should be enforced for all webservice requests.
Step to reproduce bug:	Create a user with no permission whatsoever. Use a SOAP client like SoapUI to make a request authenticated with that user. The request is fulfilled. It should not be!
Detected in version:	3.6.2		Category:	Module: WebServices
Severity:	5 - Major		OS Type/Version:
PHP version:			Database type and version:
Etat
Status:	Open		Assigned to:	Aucun
Resolution:	Aucun

[Prev in Thread]

Current Thread

[Next in Thread]

[Dolibarr-bugtrack] [Bug #1894] User permissions are bypassed on webservices, Doliforge <=

Prev by Date: [Dolibarr-bugtrack] [Bug #1893] Picture upload on product card
Next by Date: [Dolibarr-bugtrack] [Bug #1897] Unable to edit Margin module settings
Previous by thread: [Dolibarr-bugtrack] [Bug #1893] Picture upload on product card
Next by thread: [Dolibarr-bugtrack] [Bug #1897] Unable to edit Margin module settings
Index(es):
- Date
- Thread