http://localhost/ticket/129 <p> Controllers and templates should not access db objects directly - they should do all access via authz module giving username. They are handed by a query that has already been filtered by the packages they are authorized to read. </p> <p> (Additional idea to be discussed: When they request a package object, they are handed an copy of the db object - disconnected from the database - so it the db object can't be changed.) </p> <p> A couple of tests can be reenabled when this is done: ckan.tests.functional.test_authz.<a class="missing wiki">TestUsage?</a>.test_admin_list_deleted ckan.tests.functional.test_authz.<a class="missing wiki">TestUsage?</a>.test_search_deleted </p> en-us http://assets.okfn.org/p/ckan/img/ckan_logo_shortname.png http://localhost/ticket/129 Trac 0.12.3 dread Tue, 29 Sep 2009 13:36:28 GMT http://localhost/ticket/129#comment:1 http://localhost/ticket/129#comment:1 <ul> <li><strong>description</strong> modified (<a href="/ticket/129?action=diff&amp;version=1">diff</a>) </li> </ul> Ticket dread Mon, 05 Oct 2009 09:47:02 GMT http://localhost/ticket/129#comment:2 http://localhost/ticket/129#comment:2 <ul> <li><strong>summary</strong> changed from <em>Secure db access by centralising query generation through authz module</em> to <em>Secure db access by channelling query generation through authz module</em> </li> <li><strong>description</strong> modified (<a href="/ticket/129?action=diff&amp;version=2">diff</a>) </li> <li><strong>milestone</strong> changed from <em>v0.10</em> to <em>v0.11</em> </li> </ul> Ticket dread Mon, 07 Dec 2009 09:48:12 GMT http://localhost/ticket/129#comment:3 http://localhost/ticket/129#comment:3 <ul> <li><strong>priority</strong> changed from <em>major</em> to <em>awaiting triage</em> </li> </ul> <p> Not needed at the moment (minor security issue since only for read actions). </p> Ticket dread Mon, 08 Feb 2010 10:32:23 GMT http://localhost/ticket/129#comment:4 http://localhost/ticket/129#comment:4 <ul> <li><strong>milestone</strong> changed from <em>v0.11</em> to <em>longterm</em> </li> </ul> Ticket dread Thu, 04 Mar 2010 16:12:42 GMT http://localhost/ticket/129#comment:5 http://localhost/ticket/129#comment:5 <ul> <li><strong>status</strong> changed from <em>new</em> to <em>closed</em> </li> <li><strong>resolution</strong> set to <em>invalid</em> </li> </ul> <p> Implementing this would make it less likely that new code would be written to be insecure. But it would also make a lot of things harder. Decided not to do it. </p> Ticket