Added permission check for ProgramExport.groovy and EntitySQLProcessor.groovy, If user does not have permission don't execute the groovy file (#821)

dixitdeepak · dixitdeepak · commit 31d8d7eea12d · 2024-07-10T17:45:37.000+05:30
diff --git a/framework/webtools/groovyScripts/entity/EntitySQLProcessor.groovy b/framework/webtools/groovyScripts/entity/EntitySQLProcessor.groovy
@@ -26,6 +26,9 @@ import java.util.Iterator
 import org.apache.ofbiz.entity.*
 import org.apache.ofbiz.entity.model.ModelGroupReader
 
+if (!security.hasPermission('ENTITY_MAINT', userLogin)) {
+    return
+}
 sqlCommand = context.request.getParameter("sqlCommand")
 
 resultMessage = ""
diff --git a/framework/webtools/groovyScripts/entity/ProgramExport.groovy b/framework/webtools/groovyScripts/entity/ProgramExport.groovy
@@ -29,6 +29,9 @@ import org.codehaus.groovy.control.CompilerConfiguration
 import org.codehaus.groovy.control.MultipleCompilationErrorsException
 import org.codehaus.groovy.control.ErrorCollector
 
+if (!security.hasPermission('ENTITY_MAINT', userLogin)) {
+    return
+}
 String groovyProgram = null
 recordValues = []
 errMsgList = []
