Check create operations in lib-datahandler #106
Comments
issue could be solved, as done with other calls, by passing the user as argument at the license creation call

see #218

for licenses it shall be also clearing admin who can create licenses.

clearing admins can create licenses already

Actually, LicenseDatabaseHandler also already gets the user argument and checks for permissions before creating/updating licenses. I guess this issue is too old and does not reflect the current state. What's left insecure are the methods used for bulk import of licenses from files. This is done in ComponentUploadPortlet and in the executable class LicenseImporter - do we need it at all? I'm tempted to delete it
…ated objects where missing closes #106
Create can be done by anyone, like any user can create components, projects. But a user cannot create licenses. This is done at the portlet level; however, it could also be moved to the backend and into lib-datahandler.
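The pattern discussed in this thread, as an added example that is not code from the project: the permission check lives in the backend write path, and the bulk import goes through that same path, so no caller can skip it. All class, method and role names here (`LicenseStore`, `addLicense`, `importLicenses`, `Role`) are hypothetical, and the sample users and licenses are constructed.

```java
import java.util.*;

// Hypothetical names throughout; these are not the project's classes.
public class BackendCreateCheck {
    enum Role { USER, CLEARING_ADMIN, ADMIN }
    record User(String email, Role role) {}
    record License(String id, String fullName) {}

    static class LicenseStore {
        private final Map<String, License> db = new HashMap<>();

        // Single write path: every caller (UI layer, importer, CLI) must pass the acting user.
        License addLicense(License license, User user) {
            if (user == null || user.role().compareTo(Role.CLEARING_ADMIN) < 0) {
                throw new SecurityException("license creation requires clearing admin");
            }
            if (db.putIfAbsent(license.id(), license) != null) {
                throw new IllegalStateException("duplicate license id: " + license.id());
            }
            return license;
        }

        // Bulk import reuses addLicense, so it cannot bypass the permission check.
        List<License> importLicenses(List<License> batch, User user) {
            List<License> created = new ArrayList<>();
            for (License l : batch) created.add(addLicense(l, user));
            return created;
        }

        int size() { return db.size(); }
    }

    public static void main(String[] args) {
        LicenseStore store = new LicenseStore();
        User admin = new User("ca@example.org", Role.CLEARING_ADMIN); // constructed sample users
        User plain = new User("dev@example.org", Role.USER);
        List<License> batch = List.of(new License("MIT", "MIT License"),
                                      new License("Apache-2.0", "Apache License 2.0"));
        System.out.println("admin import: " + store.importLicenses(batch, admin).size());
        try {
            store.importLicenses(List.of(new License("X", "X")), plain);
        } catch (SecurityException e) {
            System.out.println("plain user rejected: " + e.getMessage());
        }
        System.out.println("stored: " + store.size());
    }
}
```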