-
Notifications
You must be signed in to change notification settings - Fork 351
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Search Bar #1
Labels
Comments
Thank you for notice. To fix this bug you should exclude check for no ACL methods in ACL Interceptor. Just replace method Oro\Bundle\UserBundle\Acl\AclInterceptor::intercept with following code: public function intercept(MethodInvocation $method)
{
$this->logger->info(
sprintf('User invoked class: "%s", Method: "%s".', $method->reflection->class, $method->reflection->name)
);
$token = $this->securityContext->getToken();
if ($token) {
$aclId = $this->getAclId($method);
if ($aclId) {
$accessRoles = $this->getAclManager()->getAclRoles($aclId);
if (false === $this->accessDecisionManager->decide($token, $accessRoles, $method)) {
//check if we have internal action - show blank
if ($this->container->get('request')->attributes->get('_route') == '_internal') {
return new Response('');
}
throw new AccessDeniedException('Access denied.');
}
}
}
return $method->proceed();
} This bug will be fixed in the next release. |
yshyshkin, your code is wrong! You delete access check for actions without acl roles! |
oro-buildbot
pushed a commit
that referenced
this issue
Dec 24, 2015
Sync with orocrm/platform master branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
hi,
I don't know if the search bar is exactly the main problem yet... I created a new user with a custom role... For playing, I edited role ACL and I removed "address manipulation" for example. I decided to connect me with this new account. The search bar was not printed... and when I wanted to access to a page I got the following JavaScript error : "TypeError: queryString2 is undefined" (file searchBar.js from the searchBundle, line 104).
Indeed, the script try to get the value of the element with the id #search-bar-search which does not exist... The javascript execution was stoped and the loader was not removed...
What is the best way to fix this bug?
Thanks
The text was updated successfully, but these errors were encountered: