bsed / ala

Automatically exported from code.google.com/p/ala

Do thorough check of FC controller actions for ACL filter @PreAuthorise requirement #472

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
There are quite a few actions that are not checking for the appropriate permissions in SiteController and ActivityController, etc.

Should be a simple matter of adding the @PreAuthorise() annotation.

Added complication may be AJAX actions which need to only return an appropriate HTTP error code and not do a redirect... so this may require a minor enhancement to the AclFilterFilters class.

Original issue reported on code.google.com by nickdos on 18 Dec 2013 at 1:13

GoogleCodeExporter commented 9 years ago
E.g. ajaxDelete and ajaxUpdate in SiteController.

Also refactor UserController.addUserAsRoleToProject() and removeUserWithRole() to use the annotation instead of a code check (so it's consistent throughout the app).

Original comment by nickdos on 18 Dec 2013 at 1:16
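As an added illustration of what the two comments above ask for (annotation-driven checks, with AJAX actions getting an HTTP error instead of a redirect), here is a hypothetical Grails 2 filter. It is not the project's AclFilterFilters; it assumes a project-local `@PreAuthorise` annotation with runtime retention and a `value` attribute naming the required role, and a `userService` bean with a `hasRole(String)` method.

```groovy
import javax.servlet.http.HttpServletResponse

// Hypothetical filter (not the ala project's code). Assumes PreAuthorise is a
// RUNTIME-retained annotation on the classpath and userService.hasRole() exists.
class AclFilterFilters {

    def grailsApplication
    def userService   // assumed bean: userService.hasRole(String role) -> boolean

    def filters = {
        aclCheck(controller: '*', action: '*') {
            before = {
                // Resolve the controller artefact and the action method being invoked.
                def controllerClass = grailsApplication.getArtefactByLogicalPropertyName(
                        'Controller', controllerName)
                def action = actionName ?: 'index'
                def method = controllerClass?.clazz?.declaredMethods?.find { it.name == action }
                def annotation = method?.getAnnotation(PreAuthorise)

                // Unannotated actions are left alone on purpose: the fix the issue asks
                // for is to annotate every privileged action, not to guess here.
                if (!annotation) {
                    return true
                }

                if (userService.hasRole(annotation.value())) {
                    return true
                }

                if (request.xhr) {
                    // AJAX caller: a redirect to an HTML login/error page would come back
                    // as a 200 that the client script cannot interpret, so send a bare 403.
                    response.sendError(HttpServletResponse.SC_FORBIDDEN,
                            "Insufficient permissions for ${controllerName}.${action}")
                } else {
                    // Browser navigation: the usual redirect with a flash message.
                    flash.message = "You do not have permission to perform that action."
                    redirect(controller: 'home', action: 'index')
                }
                return false   // stop the action from running
            }
        }
    }
}
```

`request.xhr` relies on the `X-Requested-With: XMLHttpRequest` header that jQuery-style AJAX calls send, so a client that omits it will get the redirect branch.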