Commit Graph

5 Commits (915d30d6bd799cb6b2bad61a66253e56e1d7d481)

Author SHA1 Message Date
Guewen Baconnier 7924072514 Prevent sending web notifications to other users
Only the admin user (sudo) is allowed to send notifications to other
users. The normal users can only send notifications to themselves.

This is to prevent attackers from crafting malicious notifications and sending
them to other users using RPC.

Correction based on the idea of @hbrunn
2018-10-09 08:28:53 +02:00
Guewen Baconnier 8b2818c73b Correct tests 2018-07-31 15:19:43 +02:00
Houzéfa Abbasbhay 5cb0d4974f [10.0][FIX] web_notify tests: Fix an arg check
Fix a check when comparing a user count with items within a mock call.

The previous method was succeeding by pure luck because OCA test
databases contain 2 users, which happens to be the amount of items
within a mock "call_args" (it contains args + kwargs).
2017-08-17 13:37:14 +02:00
Jay Vora(SerpentCS) 6a1ebe8e3d [MIG] Migration of web_notify 2016-11-18 18:52:57 +05:30
Laurent Mignon (ACSONE) 8b2079b3ef Improve logic and add tests 2016-09-21 11:05:31 +02:00