Author: adrianc
Date: Sun Sep 7 07:34:10 2008
New Revision: 692863
URL:
http://svn.apache.org/viewvc?rev=692863&view=revLog:
Fixed a problem with a Content Manager ajax form - reported in
https://issues.apache.org/jira/browse/OFBIZ-1949.
Ajax developers note: "ajaxed" screen portions MUST include the same permissions checking as the entire screen, otherwise a security hole is opened up.
Modified:
ofbiz/trunk/applications/content/widget/content/DataResourceScreens.xml
Modified: ofbiz/trunk/applications/content/widget/content/DataResourceScreens.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/content/widget/content/DataResourceScreens.xml?rev=692863&r1=692862&r2=692863&view=diff==============================================================================
--- ofbiz/trunk/applications/content/widget/content/DataResourceScreens.xml (original)
+++ ofbiz/trunk/applications/content/widget/content/DataResourceScreens.xml Sun Sep 7 07:34:10 2008
@@ -49,6 +49,14 @@
</screen>
<screen name="findDataResourceSearchResults">
<section>
+ <condition>
+ <if-has-permission permission="CONTENTMGR" action="UPDATE"/>
+ </condition>
+ <actions>
+ <property-map resource="ContentUiLabels" map-name="uiLabelMap" global="true"/>
+ <property-map resource="CommonUiLabels" map-name="uiLabelMap" global="true"/>
+ <property-map resource="WorkEffortUiLabels" map-name="uiLabelMap" global="true"/>
+ </actions>
<widgets>
<include-form name="ListDataResource" location="component://content/widget/content/DataResourceForms.xml"/>
</widgets>
Locked
