Skip to content
GitLab
Unverified Commit 4a5d8ada authored by Côme Chilliet's avatar Côme Chilliet
Browse files

:ambulance: fix(webservice) Fix permissive ACL check for deleting an attribute 

issue #6126
parent 0cdb433b
dev 6231-give-the-ability-to-the-webservice-to-notice-if-an-attribute-is-monovalued-or-multivalued 6237-add-requiredattrs-array-to-the-webservice-informations 6245-adapt-the-ci-to-the-reorganisation-of-the-dev-tools-and-fixing-the-trigger-downstream-pipelines 6250-supann-configuration-backend-requires-account-life-cycle-section 6280-plugins-update-plugins-to-take-into-consideration-the-new-directory-of-core-structure 6310-tasks-reminder-error-in-the-schema-duplicate-attribute-id 6311-put-the-version-1-5-in-all-yaml-for-fusiondirectory-1-5 6322-template-issue-when-creating-a-template-with-empty-password-error-message-should-not-be-seen-2 6332-zimbra-allows-update-of-data-for-unknown-domain-name-for-specific-individual-aliases 6337-webservice-issue-with-archiving-post-request-not-responding-but-successfully-archiving-user 6341-supann-extract-resources-states-sub-states-from-backend-configuration-to-their-own-objects master fusiondirectory-1.5 fusiondirectory-1.4
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 2 additions and 2 deletions
+2 -2
webservice/html/rest.php
+ 2
2
View file @ 4a5d8ada
......@@ -481,8 +481,8 @@ class fdRestService extends fdRPCService
throw new WebServiceError('Inactive tab', 400);
}
if (!$object->attrIsReadable($attribute)) {
throw new WebServiceError('Not enough rights to read "'.$attribute.'"', 403);
if (!$object->attrIsWriteable($attribute)) {
throw new WebServiceError('Not enough rights to delete "'.$attribute.'"', 403);
}
$object->attributesAccess[$attribute]->resetToDefault();
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment