You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The text was updated successfully, but these errors were encountered:
fmdl
changed the title
[10][Security] model.transient : overide acces with group_by or pivot view
[10][Security] model.transient : read_group() seems have access of records of all user
Oct 5, 2017
fmdl
changed the title
[10][Security] model.transient : read_group() seems have access of records of all user
[Master,11,10,9,8][Security] model.transient : read_group() seems have access of records of all user
Oct 19, 2017
fmdl
changed the title
[Master,11,10,9,8][Security] model.transient : read_group() seems have access of records of all user
[Master,11,10,9,8][Security] model.transient : read_group() and read() have access of all records of all user
Oct 20, 2017
Impacted versions:
master, 11, 10, 9, 8
Steps to reproduce:
Current behavior:
any other user can see with pivot or group by some information
Expected behavior:
any other user cannot see data
Start of solution :
It seems the function
read_group
have no filter about the create_uid during the query for the transient model.Video/Screenshot link (optional):
cc : @sylvain-garancher
#20328
The text was updated successfully, but these errors were encountered: