Runas system problem
6 views
Skip to first unread message
Thomas Bellos
Sep 10, 2008, 6:21:26 AM9/10/08
to porcupi...@googlegroups.com
Hi
all,
I have noticed
that when a method which uses the filters.runas('system')
decorator, tries
to access an object to which the original user does not have read access
to,
instead of the
requested object being accessed, it returns the Unathorized
error.
It seems as though
the security check takes place prior to the
filter's application.
I would like to
suggest a modification so that when a method runs as system, that
method
can have access to
any object, without access security checks.
Thanks
tkouts
Sep 10, 2008, 8:23:44 AM9/10/08
to porcupine-users
You are right Thomas. The security check is done before the filter's
appliance.
I fixed this by moving the security check inside the web method
wrapper and now the "runas" filter it seems to work fine.
This fix is commited to the SVN respository and you get get it in case
you use SVN.
Thanks for the feedback.
Tassos Koutsovassilis
Porcupine Core Development
http://www.innoscript.org
appliance.
I fixed this by moving the security check inside the web method
wrapper and now the "runas" filter it seems to work fine.
This fix is commited to the SVN respository and you get get it in case
you use SVN.
Thanks for the feedback.
Tassos Koutsovassilis
Porcupine Core Development
http://www.innoscript.org
Reply all
Reply to author
Forward
0 new messages