Skip to content
GitLab
Commit c55520b3 authored by Côme Chilliet's avatar Côme Chilliet
Browse files

:ambulance: fix(webservice): Forbid searching for attributes you cannot read 

This makes sure that ACLs are respected when using ls method from
 webservice, with the following limitations:
It assumes that aclName == attributeName, otherwise the attribute is
 forbidden.
It assumes reading the main attribute is always authorized when the
 object can be seen.
It slows down the search in the case where you can read attribute in
 foo,bar but you search in bar.
All LDAP attributes can be used in the search filter.

issue #5704
parent 0ce24dcd
dev 6104-mail-methods-refactor 6231-give-the-ability-to-the-webservice-to-notice-if-an-attribute-is-monovalued-or-multivalued 6237-add-requiredattrs-array-to-the-webservice-informations 6245-adapt-the-ci-to-the-reorganisation-of-the-dev-tools-and-fixing-the-trigger-downstream-pipelines 6250-supann-configuration-backend-requires-account-life-cycle-section 6280-plugins-update-plugins-to-take-into-consideration-the-new-directory-of-core-structure 6310-tasks-reminder-error-in-the-schema-duplicate-attribute-id 6311-put-the-version-1-5-in-all-yaml-for-fusiondirectory-1-5 6322-template-issue-when-creating-a-template-with-empty-password-error-message-should-not-be-seen-2 6332-zimbra-allows-update-of-data-for-unknown-domain-name-for-specific-individual-aliases 6337-webservice-issue-with-archiving-post-request-not-responding-but-successfully-archiving-user 6341-supann-extract-resources-states-sub-states-from-backend-configuration-to-their-own-objects master fusiondirectory-1.5 fusiondirectory-1.4 fusiondirectory-1.3.1 fusiondirectory-1.3
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 46 additions and 1 deletion
+46 -1
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment