mORMot Open Source

You are not logged in.

Topics: Active | Unanswered

Index
» mORMot 1
» Method TSQLRestServer.Batch does not check user rights

Pages: 1

#1 2013-10-18 13:33:49

DigDiver: Member; Registered: 2013-04-29; Posts: 137

Method TSQLRestServer.Batch does not check user rights

It will be nice to add the checking of user rights to the TSQLRestServer.Batch method

procedure TSQLRestServer.Batch(Ctxt: TSQLRestServerURIContext);
...
  if Ctxt.Table<>nil then begin

  TableIndex := Model.GetTableIndexExisting(Ctxt.Table);

  if not (TableIndex in Ctxt.Call.RestAccessRights^.DELETE) then // check User
   begin
     Ctxt.Error('', HTML_NOTALLOWED);
     exit;
   end;
...

Offline

#2 2013-10-18 19:35:58

ab: Administrator; From: France; Registered: 2010-06-21; Posts: 14,661; Website

Re: Method TSQLRestServer.Batch does not check user rights

Indeed.

Perhaps worth a feature request ticket so that we will track it easier.

Offline

Pages: 1

Index
» mORMot 1
» Method TSQLRestServer.Batch does not check user rights

Board footer

Atom topic feed

Powered by FluxBB