Techsystech
/
web
mirror of https://github.com/OCA/web.git
3
0
Fork 1
Code Issues Packages Projects Releases Wiki Activity
879 Commits
15 Branches
0 Tags
506 MiB
Commit Graph

8 Commits (11.0)

Author SHA1 Message Date
Guewen Baconnier bf9fb3a23e Prevent to send web notifications to other users 
Only the admin user (sudo) is allowed to send notifications to other
users. The normal users can only send notifications to themselves.

This is to prevent attackers to craft malicious notifications and send
them to other users using RPC.

Correction based on the idea of @hbrunn
 2018-10-09 08:30:01 +02:00
Damien Bouvy c1765f97c3 [MIG] web_notify: Migration to 11.0 
- Use the 'session' class of the JS Framework (session no lounger bound
to web client)
- Test change: compare emitted & received messages based on content, not
order. Using string comparison raises false positives.
 2018-04-03 10:13:42 +01:00
Jay Vora(SerpentCS) 21de391509 [MIG] Migration of web_notify 2018-04-03 10:13:42 +01:00
Jay Vora(SerpentCS) 9ac7c7c35b [MIG] Migration of web_notify 2018-04-03 10:13:42 +01:00
Laurent Mignon (ACSONE) 859f054302 Don't store channel names since the perf gain is negligible and not worth additional database columns. 2018-04-03 10:13:42 +01:00
Laurent Mignon (ACSONE) 08ae304da9 Remove required flag 2018-04-03 10:13:42 +01:00
Laurent Mignon (ACSONE) f2de5d8663 Improve logic and add tests 2018-04-03 10:13:42 +01:00
Laurent Mignon (ACSONE) f916f2c9f1 New module web_notify 
This technical module allows you to send instant notification messages from the server to the user in live.
 2018-04-03 10:13:42 +01:00