Custom Query (2152 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:

Results (190 - 192 of 2152)

54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74
Ticket Resolution Summary Owner Reporter
#129 invalid Secure db access by channelling query generation through authz module rgrp dread

Reported by dread, 5 years ago.
Description

Controllers and templates should not access db objects directly - they should do all access via authz module giving username. They are handed by a query that has already been filtered by the packages they are authorized to read.

(Additional idea to be discussed: When they request a package object, they are handed an copy of the db object - disconnected from the database - so it the db object can't be changed.)

A couple of tests can be reenabled when this is done: ckan.tests.functional.test_authz.TestUsage?.test_admin_list_deleted ckan.tests.functional.test_authz.TestUsage?.test_search_deleted

#131 fixed Groups REST interface dread dread

Reported by dread, 5 years ago.
Description

Controlling Groups through a REST interface.

#132 fixed Security hole - read package/group list (REST) rgrp dread

Reported by dread, 5 years ago.
Description

Using REST interface you can list packages and groups without authorization being checked.

Can be fixed using more advanced query to check authz.

54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74
Note: See TracQuery for help on using queries.