Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid role check when accessing resource #27909

Closed
wezell opened this issue Mar 8, 2024 · 1 comment · Fixed by #27912
Closed

Invalid role check when accessing resource #27909

wezell opened this issue Mar 8, 2024 · 1 comment · Fixed by #27912
Labels
OKR : Security & Privacy Owned by Mehdi QA : Approved Release : 22.03.15 Included in LTS patch release 22.03.15 Release : 23.01.15 Included in LTS patch release 23.01.15 Release : 23.10.24 v8 Included in LTS patch release 23.10.24 v8 Release : 24.03.22 Bug Fixing Team : Bug Fixers Triage Type : Defect Type : Task

Comments

@wezell
Copy link
Contributor

wezell commented Mar 8, 2024
edited by sfreudenthaler

Parent Issue

No response

Task

When specifying multiple roles to require for resource access, we use OR logic instead of AND logic.

Proposed Objective

Security & Privacy

Proposed Priority

Priority 2 - Important

Acceptance Criteria

No response

External Links... Slack Conversations, Support Tickets, Figma Designs, etc.

Assumptions & Initiation Needs

No response

Quality Assurance Notes & Workarounds

No response

Sub-Tasks & Estimates

No response
wezell added a commit that referenced this issue Mar 8, 2024
@wezell
fix(security) always checks CMS_ADMIN role before granting access to …
d5b25cb 
…resource

ref: #27909
wezell added a commit that referenced this issue Mar 8, 2024
@wezell
fix(security) always checks CMS_ADMIN role before granting access to …
19662b1 
…resource

ref: #27909
wezell added a commit that referenced this issue Mar 8, 2024
@wezell
fix(security) testing cmsAdmin access
5005a69 
ref: #27909
wezell added a commit that referenced this issue Mar 8, 2024
@wezell
fix(security) testing cmsAdmin access
f4d24cf 
ref: #27909
wezell added a commit that referenced this issue Mar 8, 2024
@wezell
fix(security) always checks CMS_ADMIN role before granting access to …
f2ca7d8 
…resource

ref: #27909
wezell added a commit that referenced this issue Mar 8, 2024
@wezell
fix(security) always checks CMS_ADMIN role before granting access to …
67b4250 
…resource

ref: #27909
wezell added a commit that referenced this issue Mar 8, 2024
@wezell
fix(security) testing cmsAdmin access
f422438 
ref: #27909
wezell added a commit that referenced this issue Mar 8, 2024
@wezell
fix(security) testing cmsAdmin access
55ef5d3 
ref: #27909
@sfreudenthaler sfreudenthaler linked a pull request Mar 8, 2024 that will close this issue
Issue 27909 check roles before access #27912
Merged
wezell added a commit that referenced this issue Mar 11, 2024
@wezell
fix(security) sonarqube feedback, complexity ref: #27909
e58dba4
@erickgonzalez erickgonzalez added LTS : Next Ticket that will be added to LTS Team : Bug Fixers labels Mar 12, 2024
github-merge-queue bot pushed a commit that referenced this issue Mar 12, 2024
@wezell
Issue 27909 check roles before access (#27912)
753a203 
* fix(security) always checks CMS_ADMIN role before granting access to resource

ref: #27909

* fix(security) always checks CMS_ADMIN role before granting access to resource

ref: #27909

* fix(security) testing cmsAdmin access

ref: #27909

* fix(security) testing cmsAdmin access

ref: #27909

* fix(security) sonarqube feedback, complexity ref: #27909
@erickgonzalez erickgonzalez reopened this Mar 12, 2024
manuelrojas pushed a commit that referenced this issue Mar 14, 2024
@wezell @manuelrojas
Issue 27909 check roles before access (#27912)
cdb2497 
* fix(security) always checks CMS_ADMIN role before granting access to resource

ref: #27909

* fix(security) always checks CMS_ADMIN role before granting access to resource

ref: #27909

* fix(security) testing cmsAdmin access

ref: #27909

* fix(security) testing cmsAdmin access

ref: #27909

* fix(security) sonarqube feedback, complexity ref: #27909
@josemejias11
Copy link

Approved: Tested on master_ca3eb44, Docker, macOS 13.0, FF v121.0.1

@erickgonzalez erickgonzalez added Next LTS Release Shortlisted of issues that will be included in the upcoming LTS and removed LTS : Next Ticket that will be added to LTS labels Apr 2, 2024
erickgonzalez added a commit that referenced this issue Apr 3, 2024
@erickgonzalez
#27909 include in 23.10.24
dc46559
erickgonzalez added a commit that referenced this issue Apr 4, 2024
@erickgonzalez
#27909 include in 23.01.15
cfd4a3c
erickgonzalez added a commit that referenced this issue Apr 5, 2024
@erickgonzalez
#27909 include in 22.03.15
6a7e8b2
@erickgonzalez erickgonzalez added the Release : 23.01.15 Included in LTS patch release 23.01.15 label Apr 11, 2024
@erickgonzalez erickgonzalez added Release : 22.03.15 Included in LTS patch release 22.03.15 Release : 23.10.24 v8 Included in LTS patch release 23.10.24 v8 and removed Next LTS Release Shortlisted of issues that will be included in the upcoming LTS labels Apr 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
OKR : Security & Privacy Owned by Mehdi QA : Approved Release : 22.03.15 Included in LTS patch release 22.03.15 Release : 23.01.15 Included in LTS patch release 23.01.15 Release : 23.10.24 v8 Included in LTS patch release 23.10.24 v8 Release : 24.03.22 Bug Fixing Team : Bug Fixers Triage Type : Defect Type : Task
Projects
dotCMS - Product Planning
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Issue 27909 check roles before access dotCMS/core
4 participants
@wezell @erickgonzalez @sfreudenthaler @josemejias11