Enhancement
Harden .proxy
Issue description
A malicious user can access the type and name of all topics, as well as whether a topic is frozen and, when the topic type is declared to be displayed as a data sheet, all of its information.
Developer comments
This one caused some head scratching. At first it seemed easy: deny access if any of the requested proxies is an instance of a topic type that the user is not allowed to search/read. This simple solution *caused problems in production*: users could no longer edit existing instances they should be able to edit.
It turned out that row-displayed counter players, e.g. an order item in an order, are rarely contained in the index (as they are never searched for, only the whole order is). So the user is missing the right. But why would you need the topic proxy in the form for a row-displayed counter player? The idea behind row-displayed topic types is based on the insight that some topics just do not need a name. Displaying all information about them is enough.
The reason why you do need to get proxies for these topics in the form is that the form needs to decide whether the association can be deleted. This is not the case if the counter player is frozen. The topic proxy holds the minimal information about a topic: label, type and frozen (yes/no).
Access to the proxy is denied only if a user group may *neither search for nor edit instances of a topic type*. This works quite well given that in most cases you want to hide information from user groups which are declared read-only.
It might be necessary to handle this completely differently. There are two components that use .proxy: the form and the service form. Their common purpose for retrieving a proxy is to display the topic as an option in a select box or the extended selection dialog. In this case the label and topic type information is used.
In the form there are two additional motivations for retrieving the proxy:
* Deciding whether an association should be removable. It isn't when the counter player is frozen.
* The proxy also holds the data sheet when a topic type is declared to be displayed inline.
If the proxies were included in the original resource (the form.jtm and the service form), there would be no need for .proxy, which has the disadvantage that you can pass any id to learn more about the topic, the very reason for this issue.
The reason why the SEARCH or EDIT combo failed is the following: master data might not be editable by a user group, only selectable in a form for movement data. Now with the edit right denied, only the SEARCH right would be open. But the user group should not have it in the index, because they lack the VIEW privilege.
An example: given a user group which enters orders. They need to select the customer. But they should know nothing more than the customer's name. So the user group will lack the VIEW, EDIT and SEARCH privilege. With .proxy in place I would need to either assign a privilege they should not have for the reasons above, or create a new privilege. But isn't there already enough of them? The alternative is to remove the need for .proxy.
The key was to reduce the responsibilities of .proxy so that the [9259, SEARCH privilege suffices].
The new goal is to eliminate .proxy. The two components using it (the form and the service form) were refactored. After an observation period of two weeks .proxy will be removed altogether.
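The two access checks described above, run against the scenarios from the comments, as an added example that is not the project's own code. The group names, topic ids, function names and the mapping of "read" to the VIEW privilege are assumptions made for illustration.

```python
from dataclasses import dataclass

SEARCH, EDIT, VIEW = "SEARCH", "EDIT", "VIEW"

@dataclass(frozen=True)
class Topic:
    label: str
    type: str
    frozen: bool

# Constructed sample topics; ids, labels and type names are hypothetical.
TOPICS = {
    "item-1": Topic("Order item 1", "order-item", False),  # row-displayed
    "cust-1": Topic("ACME Corp", "customer", True),        # master data
}

# Constructed privilege sets per user group and topic type.
ORDER_EDITORS = {"order": {SEARCH, VIEW, EDIT}, "order-item": {EDIT}}
ORDER_ENTRY = {"order": {SEARCH, VIEW, EDIT}, "customer": set()}
OUTSIDER = {}

def strict_policy(privs, topic_type):
    """First attempt: the type must be searchable or readable (VIEW assumed)."""
    return bool(privs.get(topic_type, set()) & {SEARCH, VIEW})

def search_or_edit_policy(privs, topic_type):
    """Relaxed check: deny only if the group may neither search nor edit."""
    return bool(privs.get(topic_type, set()) & {SEARCH, EDIT})

def get_proxies(policy, privs, ids):
    """Return minimal proxies, or None if any requested id is denied."""
    if any(i not in TOPICS or not policy(privs, TOPICS[i].type) for i in ids):
        return None  # one denied or unknown id rejects the whole request
    return [{"label": t.label, "type": t.type, "frozen": t.frozen}
            for t in (TOPICS[i] for i in ids)]

def scenario_table():
    """Outcome (True = proxy served) of both checks for each scenario."""
    cases = {"editor/item": (ORDER_EDITORS, "item-1"),
             "entry/customer": (ORDER_ENTRY, "cust-1"),
             "outsider/customer": (OUTSIDER, "cust-1")}
    return {name: tuple(get_proxies(p, privs, [tid]) is not None
                        for p in (strict_policy, search_or_edit_policy))
            for name, (privs, tid) in cases.items()}

if __name__ == "__main__":
    for name, result in scenario_table().items():
        print(name, dict(zip(("strict", "search_or_edit"), result)))
```

With the existing privileges, the order-entry group and the outsider hold the same (empty) rights on the customer type, so neither check can serve one and refuse the other. That is consistent with the comments' conclusion that the proxies belong in the form resource itself.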
Work sessions (7)

| Start | End | Participant |
| --- | --- | --- |
| 2020-03-11T07:30:52 | 2020-03-11T11:27:54 | Robert Cerny |
| 2020-03-12T07:28:00 | 2020-03-12T10:22:15 | Robert Cerny |
| 2020-03-12T10:51:03 | 2020-03-12T11:57:57 | Robert Cerny |
| 2020-03-12T14:08:07 | 2020-03-12T16:54:49 | Robert Cerny |
| 2020-04-30T09:45:56 | 2020-04-30T11:52:45 | Robert Cerny |
| 2020-05-01T13:19:44 | 2020-05-01T14:07:51 | Robert Cerny |
| 2020-05-05T20:46:18 | 2020-05-05T21:06:06 | Robert Cerny |