Problem: Access control for contact info doesn't check edit/admin access #1599

Closed
anvit opened this issue May 23, 2023 · 0 comments
Type: bug A flaw in the code that causes the software to produce an incorrect or unexpected result.

anvit commented May 23, 2023

Current Behavior

Steps to reproduce the behavior

  1. Log into the demo site with a non editor or admin user.
  2. Try to access http://demo.accesstomemory.org/contactinformation/index/id/185.
  3. You should be able to see the page even as a regular authenticated user or a translator.

Expected Behavior

You should not be able to see the page unless you have edit access.

Possible Solution

Updating the permissions in apps/qubit/modules/contactinformation/actions/indexAction.class.php should fix this.

Context and Notes

No response

Version used

AtoM 2.6.4

Operating System and version

No response

Default installation culture

en

PHP version

No response

Contact details

No response

@anvit anvit added the Type: bug A flaw in the code that causes the software to produce an incorrect or unexpected result. label May 23, 2023
@anvit anvit self-assigned this May 23, 2023
anvit added a commit that referenced this issue May 23, 2023
Update user authorization condition check to also confirm that the
authenticated user is an editor or admin.
anvit added a commit that referenced this issue May 24, 2023
Update user authorization condition check to also confirm that the
authenticated user is an editor or admin.
anvit added a commit that referenced this issue May 25, 2023
Update user authorization condition check to also confirm that the
authenticated user is an editor or admin.
anvit added a commit that referenced this issue May 25, 2023
Update user authorization condition check to also confirm that the
authenticated user is an editor or admin.
@anvit anvit closed this as completed May 25, 2023
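
The condition change described in the commit messages, sketched as an added example that is not AtoM's own code: `DemoUser`, both `canViewContactInfo*` functions and the group names are hypothetical stand-ins, and the access matrix is constructed. It doubles as a regression check that exits non-zero if any role gets an unexpected decision.

```php
<?php
// Added illustration; class, function and group names are hypothetical, not AtoM's API.
final class DemoUser
{
    public $authenticated;
    public $groups;

    public function __construct(bool $authenticated, array $groups = [])
    {
        $this->authenticated = $authenticated;
        $this->groups = $groups;
    }
}

// Before: any logged-in account passes, which is the behaviour the issue reports.
function canViewContactInfoBefore(DemoUser $u): bool
{
    return $u->authenticated;
}

// After: authenticated AND a member of an editing role (editor or administrator).
function canViewContactInfoAfter(DemoUser $u): bool
{
    return $u->authenticated
        && count(array_intersect($u->groups, ['editor', 'administrator'])) > 0;
}

// Constructed access matrix: label => [user, expected decision after the fix].
$matrix = [
    'anonymous'      => [new DemoUser(false), false],
    'authenticated'  => [new DemoUser(true, ['authenticated']), false],
    'translator'     => [new DemoUser(true, ['authenticated', 'translator']), false],
    'editor'         => [new DemoUser(true, ['authenticated', 'editor']), true],
    'administrator'  => [new DemoUser(true, ['authenticated', 'administrator']), true],
    // Group membership without an authenticated session must still be denied.
    'logged-out-ed.' => [new DemoUser(false, ['editor']), false],
];

$failures = 0;
foreach ($matrix as $label => [$user, $expected]) {
    $before = canViewContactInfoBefore($user);
    $after = canViewContactInfoAfter($user);
    printf("%-15s before=%-5s after=%-5s expected=%s\n", $label,
        var_export($before, true), var_export($after, true), var_export($expected, true));
    if ($after !== $expected) {
        $failures++;
    }
}
exit($failures === 0 ? 0 : 1);
```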