Uploaded image for project: 'DSpace'
  1. DSpace
  2. DS-4444

Verify permissions to access subresources of current resource

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 7.0
    • Fix Version/s: 7.0
    • Component/s: REST API v7
    • Labels:
      None
    • Attachments:
      0
    • Comments:
      2
    • Documentation Status:
      Needed

      Description

      When using subresources (e.g. /server/api/core/communities/c0e4de93-f506-4990-a840-d406f6f2ada7/collections or /server/api/core/collections/51715dd3-5590-49f2-b227-6a663c849921/parentCommunity) the permissions of both the main resource and the subresources should be verified. This should happen both when embedding and when performing the call directly.

      This is apparently not verified anywhere in REST and should preferably be solved at a higher level (not per subresource) to ensure no use cases are forgotten

        Attachments

          Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. DS-4432 Traversing the REST API could be possible to reach not accessible objects

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

            Activity

              People

              Assignee:
              benbosman Ben Bosman
              Reporter:
              benbosman Ben Bosman
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support