
Improved security handling WRT collections. Fixed security flaw in which users…

Authored by Samuele Kaplun <samuele.kaplun@cern.ch> on Jan 23 2008, 17:12.

Description

Improved security handling WRT collections. Fixed security flaw in which users were able to visit /record/123/{files, comments, reviews} even if they were not authorized to the collection to which the record belonged. Enriched authorization WRT restricted documents by letting their submitters display them even when they're not authorized to the collection. In case of a restricted fulltext document (with bibdocfile new feature), if the user is authorized to download the document, then he/she can regardless of the collection restriction.

Event Timeline

Samuele Kaplun <samuele.kaplun@cern.ch> committed R3600:f15c39142b66: Improved security handling WRT collections. Fixed security flaw in which users… (authored by Samuele Kaplun <samuele.kaplun@cern.ch>). Jan 23 2008, 17:12