This is an automated email from the ASF dual-hosted git repository.

deepak pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/release18.12 by this push:
     new 31d8d7eea1 Added permission check for ProgramExport.groovy and 
EntitySQLProcessor.groovy, If user does not have permission don't execute the 
groovy file (#821)
31d8d7eea1 is described below

commit 31d8d7eea12df3fd05f33ffa292f7a50a7cbd3ba
Author: Deepak Dixit <dee...@apache.org>
AuthorDate: Wed Jul 10 17:39:51 2024 +0530

    Added permission check for ProgramExport.groovy and 
EntitySQLProcessor.groovy, If user does not have permission don't execute the 
groovy file (#821)
---
 framework/webtools/groovyScripts/entity/EntitySQLProcessor.groovy | 3 +++
 framework/webtools/groovyScripts/entity/ProgramExport.groovy      | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/framework/webtools/groovyScripts/entity/EntitySQLProcessor.groovy 
b/framework/webtools/groovyScripts/entity/EntitySQLProcessor.groovy
index b5259b74f8..29fd73f3b0 100644
--- a/framework/webtools/groovyScripts/entity/EntitySQLProcessor.groovy
+++ b/framework/webtools/groovyScripts/entity/EntitySQLProcessor.groovy
@@ -26,6 +26,9 @@ import java.util.Iterator
 import org.apache.ofbiz.entity.*
 import org.apache.ofbiz.entity.model.ModelGroupReader
 
+if (!security.hasPermission('ENTITY_MAINT', userLogin)) {
+    return
+}
 sqlCommand = context.request.getParameter("sqlCommand")
 
 resultMessage = ""
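Review bot: The new guard at the top of EntitySQLProcessor.groovy returns silently, so a refused attempt to reach the SQL processor leaves no audit trail and the caller gets no explanation. Log the denial before the `return`, for example `Debug.logWarning("ENTITY_MAINT denied for EntitySQLProcessor, user: " + userLogin?.userLoginId, "EntitySQLProcessor.groovy")`, which needs `org.apache.ofbiz.base.util.Debug` imported if it is not already. The early return also skips the assignments that follow (`sqlCommand`, `resultMessage`, and presumably more below the hunk), so check that the view tolerates them being unset or set an error message first. The identical guard in ProgramExport.groovy has the same gap. The script body continues outside the hunk.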
diff --git a/framework/webtools/groovyScripts/entity/ProgramExport.groovy 
b/framework/webtools/groovyScripts/entity/ProgramExport.groovy
index bb37f42a13..9ac97d64c5 100644
--- a/framework/webtools/groovyScripts/entity/ProgramExport.groovy
+++ b/framework/webtools/groovyScripts/entity/ProgramExport.groovy
@@ -29,6 +29,9 @@ import org.codehaus.groovy.control.CompilerConfiguration
 import org.codehaus.groovy.control.MultipleCompilationErrorsException
 import org.codehaus.groovy.control.ErrorCollector
 
+if (!security.hasPermission('ENTITY_MAINT', userLogin)) {
+    return
+}
 String groovyProgram = null
 recordValues = []
 errMsgList = []
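Review bot: The guard in ProgramExport.groovy reuses `ENTITY_MAINT`, but judging by the `CompilerConfiguration` imports and the `groovyProgram` variable this script compiles and runs a submitted program, which is a wider capability than entity maintenance. Consider gating it on a narrower, dedicated permission so that granting data-maintenance rights does not also grant code execution. An in-script check is a backstop, so it is worth confirming the controller request-map and the screen definition enforce the same permission; that cannot be seen from this hunk. A comment above the guard would record the intent, e.g. `// Runs caller-supplied Groovy: refuse before reading anything from the request`. The script body continues outside the hunk.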
