This repository has been archived by the owner on Mar 31, 2022. It is now read-only.
Cascade-delete entities "owned" by User #36
Comments
knstvk
changed the title
We should cascade-delete RoleAssignmentEntity and other entities "owned" by User
Cascade-delete RoleAssignmentEntity and other entities "owned" by User
Mar 19, 2021
knstvk
changed the title
Cascade-delete RoleAssignmentEntity and other entities "owned" by User
Cascade-delete entities "owned" by User
Mar 19, 2021
|
andreysubbotin
pushed a commit
that referenced
this issue
May 7, 2021
andreysubbotin
pushed a commit
to jmix-framework/jmix
that referenced
this issue
May 7, 2021
andreysubbotin
pushed a commit
that referenced
this issue
May 7, 2021
andreysubbotin
pushed a commit
to jmix-framework/jmix
that referenced
this issue
May 7, 2021
andreysubbotin
pushed a commit
to jmix-projects/jmix-rest
that referenced
this issue
May 7, 2021
andreysubbotin
added a commit
that referenced
this issue
Jun 6, 2021
andreysubbotin
added a commit
to jmix-projects/jmix-ui
that referenced
this issue
Jun 6, 2021
andreysubbotin
added a commit
to jmix-projects/jmix-ui
that referenced
this issue
Jun 6, 2021
andreysubbotin
added a commit
that referenced
this issue
Jun 6, 2021
(cherry picked from commit d772374)
The security problem that is described in the ticket description should be fixed. |
1.1.0-SNAPSHOT - ok |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Security problem:
Launch any Jmix app
Create user "max", assign system-full-access role.
Delete max
Create new user "max", don't assign any roles
Reopen "max". Oops, he has system-full-access role (left from previous user)
Solution:
Preliminary list of what should be cascade-deleted:
The text was updated successfully, but these errors were encountered: