Search Bar #1

Closed
arnolanglade opened this issue Jun 4, 2013 · 2 comments

@arnolanglade

Hi,

I don't know if the search bar is exactly the main problem yet... I created a new user with a custom role... To play around, I edited the role's ACL and removed "address manipulation", for example. I then logged in with this new account. The search bar was not printed... and when I wanted to access a page I got the following JavaScript error: "TypeError: queryString2 is undefined" (file searchBar.js from the searchBundle, line 104).

Indeed, the script tries to get the value of the element with the id #search-bar-search, which does not exist... The JavaScript execution was stopped and the loader was not removed...

What is the best way to fix this bug?

Thanks

@yshyshkin
Contributor

Thank you for the notice.

To fix this bug you should exclude the check for methods with no ACL in the ACL Interceptor. Just replace the method Oro\Bundle\UserBundle\Acl\AclInterceptor::intercept with the following code:

    public function intercept(MethodInvocation $method)
    {
        $this->logger->info(
            sprintf('User invoked class: "%s", Method: "%s".', $method->reflection->class, $method->reflection->name)
        );

        $token = $this->securityContext->getToken();
        if ($token) {
            $aclId = $this->getAclId($method);
            if ($aclId) {
                $accessRoles = $this->getAclManager()->getAclRoles($aclId);

                if (false === $this->accessDecisionManager->decide($token, $accessRoles, $method)) {
                    //check if we have internal action - show blank
                    if ($this->container->get('request')->attributes->get('_route') == '_internal') {
                        return new Response('');
                    }

                    throw new AccessDeniedException('Access denied.');
                }
            }
        }

        return $method->proceed();
    }

This bug will be fixed in the next release.

@yurio
Contributor

yurio commented Jun 7, 2013

yshyshkin, your code is wrong! You delete the access check for actions without ACL roles!
The bug is in searchBar.js. Today I'll try to find a solution to fix it.

rgrebenchuk pushed a commit that referenced this issue Apr 1, 2014
oro-buildbot pushed a commit that referenced this issue Dec 24, 2015
Sync with orocrm/platform master branch
oro-buildbot pushed a commit that referenced this issue May 6, 2016
oro-buildbot pushed a commit that referenced this issue Nov 28, 2016
- add EmailUser name provider
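
The failure reported in this thread, where the script reads `#search-bar-search` on a page whose ACL-restricted role never had the search bar rendered, can be tolerated on the client without changing the server-side access check. The sketch below is an added example, not code from the project or from any commenter; `readSearchQuery`, `initSearchBar`, `initPage` and `fakeDocument` are hypothetical names, and the stub document is constructed so the code runs under Node without a browser.

```javascript
// Added example with hypothetical names; this is not the project's searchBar.js.

// Return the current search query, or null when the server did not render the
// search bar (for example because the user's role lacks the ACL for it).
function readSearchQuery(doc) {
  const input = doc.querySelector('#search-bar-search');
  if (!input || typeof input.value !== 'string') {
    return null;
  }
  return input.value.trim();
}

// Wire up the search bar only when it is present on the page.
function initSearchBar(doc) {
  const query = readSearchQuery(doc);
  if (query === null) {
    return false; // nothing rendered for this user, nothing to initialise
  }
  doc.searchState = { query: query, length: query.length };
  return true;
}

// Run each page initializer in isolation and always remove the loader, so a
// widget that is absent or throws cannot leave the page stuck behind it.
function initPage(doc, initializers, hideLoader) {
  const failures = [];
  try {
    for (const [name, init] of Object.entries(initializers)) {
      try {
        init(doc);
      } catch (err) {
        failures.push(name + ': ' + err.message);
      }
    }
  } finally {
    hideLoader();
  }
  return failures;
}

// Constructed stand-in for a DOM document: maps selectors to element stubs.
function fakeDocument(elements) {
  return { querySelector: (selector) => elements[selector] || null };
}
```
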