Dolibarr ERP & CRM » Bugs » bug #1894 User permissions are bypassed on webservicesÉtat Détails |
Last Modified On: | 03/03/2015 15:06 | | Submitted by: | Raphaël Doursenaud (rdoursenaud) |
Submitted on: | 03/03/2015 15:06 | |
Summary: | User permissions are bypassed on webservices |
Description: | Webservices requires a user authentication yet user permissions are not enforced on requests and the user may request otherwise restricted informations.
Basic user permissions (Read / Write) should be enforced for all webservice requests. |
Step to reproduce bug: | Create a user with no permission whatsoever.
Use a SOAP client like SoapUI to make a request authenticated with that user.
The request is fulfilled.
It should not be!
|
Detected in version: | 3.6.2 | | Category: | Module: WebServices |
Severity: | 5 - Major | | OS Type/Version: | |
PHP version: | | | Database type and version: | |
Etat |
Status: | Open | | Assigned to: | Aucun |
Resolution: | Aucun | |
Répondre
|
|