Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permissions not checked for correct collection when collection override is used with ephemeral query. #2208

Closed
benanhalt opened this issue Sep 23, 2022 · 1 comment · Fixed by #2209
Closed

Permissions not checked for correct collection when collection override is used with ephemeral query. #2208

benanhalt opened this issue Sep 23, 2022 · 1 comment · Fixed by #2209
Labels
1 - Bug Incorrect behavior of the product
Projects
Query Builder
Milestone
7.7.4 (internal b...

Comments

@benanhalt
Copy link
Contributor

Bug discovered by inspection while addressing #1283. Collection override currently exists and is implemented here:
https://github.com/specify/specify7/blob/v7.7.2/specifyweb/stored_queries/execution.py#L372-L374

But permissions to query on the collection are checked in the view here, before the override occurs:
https://github.com/specify/specify7/blob/v7.7.2/specifyweb/stored_queries/views.py#L67-L69
@benanhalt benanhalt added 1 - Bug Incorrect behavior of the product pri:unknown labels Sep 23, 2022
benanhalt added a commit that referenced this issue Sep 23, 2022
@benanhalt
move ephemeral query collection override to view and check perms.
7957c84 
fixes #2208
This was referenced Sep 23, 2022
Merged
Closed
@maxpatiiuk maxpatiiuk added this to Unsorted in Query Builder via automation Sep 23, 2022
@maxpatiiuk maxpatiiuk moved this from Unsorted to Ready on branch in Query Builder Sep 23, 2022
Query Builder automation moved this from Ready on branch to Shipped Oct 5, 2022
@specifysoftware
Copy link

This issue has been mentioned on Specify Community Forum. There might be relevant details there:

https://discourse.specifysoftware.org/t/specify-7-7-4-release-announcement/807/1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1 - Bug Incorrect behavior of the product
Projects
Query Builder
  
Shipped
Milestone
7.7.4 (internal bugs)
Development

Successfully merging a pull request may close this issue.

move ephemeral query collection override to view and check perms. specify/specify7
3 participants
@benanhalt @maxpatiiuk @specifysoftware