bugfix [ 1396957 ] Priv checks on DataForm
parent
2599a4c853
commit
8071a041fa
3 changed files with 27 additions and 1 deletions
|
|
@ -2,6 +2,8 @@
|
|||
- Converted WebGUI to use a new object oriented session system. More details
|
||||
in migation.txt.
|
||||
|
||||
6.8.5
|
||||
- fix [ 1396957 ] Insufficient privileges check on the DataForm
|
||||
|
||||
6.8.4
|
||||
- fix [ 1395371 ] XSS Vulnerability in DataForm Entries
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ use Tie::IxHash;
|
|||
use WebGUI::DateTime;
|
||||
use WebGUI::Form;
|
||||
use WebGUI::FormProcessor;
|
||||
use WebGUI::Grouping;
|
||||
use WebGUI::HTML;
|
||||
use WebGUI::HTMLForm;
|
||||
use WebGUI::HTTP;
|
||||
|
|
@ -169,7 +170,11 @@ sub definition {
|
|||
defaultView=>{
|
||||
defaultValue=>0,
|
||||
fieldType=>"integer"
|
||||
}
|
||||
},
|
||||
groupToViewEntries=>{
|
||||
defaultValue=>7,
|
||||
fieldType=>"group"
|
||||
},
|
||||
}
|
||||
});
|
||||
return $class->SUPER::definition($definition);
|
||||
|
|
@ -261,6 +266,14 @@ sub getEditForm {
|
|||
-hoverHelp=>WebGUI::International::get('74 description',"Asset_DataForm"),
|
||||
-value=>$self->getValue("mailData")
|
||||
);
|
||||
|
||||
$tabform->getTab("security")->group(
|
||||
-name=>"groupToViewEntries",
|
||||
-label=>WebGUI::International::get('group to view entries', "Asset_DataForm"),
|
||||
-hoverHelp=>WebGUI::International::get('group to view entries description',"Asset_DataForm"),
|
||||
-value=>$self->getValue("groupToViewEntries")
|
||||
);
|
||||
|
||||
if ($self->getId eq "new" && $self->session->form->process("proceed") ne "manageAssets") {
|
||||
$tabform->getTab("properties")->whatNext(
|
||||
-options=>{
|
||||
|
|
@ -652,6 +665,7 @@ sub view {
|
|||
|
||||
sub viewList {
|
||||
my $self = shift;
|
||||
return WebGUI::Privilege::insufficient() unless (WebGUI::Grouping::isInGroup($self->get("groupToViewEntries")));
|
||||
return $self->processTemplate($self->getListTemplateVars,$self->get("listTemplateId"));
|
||||
}
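Review bot: The new `groupToViewEntries` property is declared in `definition` with `defaultValue=>7`, which in stock WebGUI is, as far as I know, the Everyone group, so the check added at the top of `viewList` passes for every visitor until an editor changes the setting. A fail-closed default would match the bug title better, for example `defaultValue=>3, # Admins (confirm id); editors widen access explicitly`. Only three files change here and none looks like an upgrade script, so on existing DataForm assets `$self->get("groupToViewEntries")` may be undefined; what `WebGUI::Grouping::isInGroup` does with an undefined group id is not visible in this diff and should be confirmed or guarded. The check covers `viewList` only, so any other entry point that calls `getListTemplateVars` or otherwise renders stored entries needs the same gate. The bodies of `definition` and `getEditForm` extend outside the hunks shown.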
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,16 @@
|
|||
package WebGUI::i18n::English::Asset_DataForm;
|
||||
|
||||
our $I18N = {
|
||||
'group to view entries' => {
|
||||
message => q|Group To View DataForm Entries|,
|
||||
lastUpdated => 1057208065
|
||||
},
|
||||
|
||||
'group to view entries description' => {
|
||||
message => q|Members of this group will have the ability to view data submitted to this DataForm Asset.|,
|
||||
lastUpdated => 1057208065
|
||||
},
|
||||
|
||||
'90' => {
|
||||
message => q|Delete this entry.|,
|
||||
lastUpdated => 1057208065
|
||||
|
|
|
|||