IDEMPIERE-4268 Web Services : Read miss cross-tenant check (#436)
Two more points found about cross tenant readin in MClient and MUser
This commit is contained in:
parent
894ceb8c4f
commit
02ce1f3c1f
|
@ -104,9 +104,21 @@ public class MClient extends X_AD_Client implements ImmutablePOSupport
|
|||
*/
|
||||
public static MClient[] getAll (Properties ctx, String orderBy)
|
||||
{
|
||||
List<MClient> list = new Query(ctx,I_AD_Client.Table_Name,(String)null,(String)null)
|
||||
List<MClient> list = null;
|
||||
int cid = Env.getAD_Client_ID(Env.getCtx());
|
||||
try {
|
||||
if (cid > 0) {
|
||||
// forced potential cross tenant read - requires System client in context
|
||||
Env.setContext(Env.getCtx(), Env.AD_CLIENT_ID, 0);
|
||||
}
|
||||
list = new Query(ctx,I_AD_Client.Table_Name,(String)null,(String)null)
|
||||
.setOrderBy(orderBy)
|
||||
.list();
|
||||
} finally {
|
||||
if (cid > 0) {
|
||||
Env.setContext(Env.getCtx(), Env.AD_CLIENT_ID, cid);
|
||||
}
|
||||
}
|
||||
for(MClient client:list ){
|
||||
s_cache.put (Integer.valueOf(client.getAD_Client_ID()), client, e -> new MClient(Env.getCtx(), e));
|
||||
}
|
||||
|
|
|
@ -822,8 +822,19 @@ public class MUser extends X_AD_User implements ImmutablePOSupport
|
|||
pstmt.setInt (3, getAD_User_ID());
|
||||
pstmt.setInt (4, AD_Org_ID);
|
||||
rs = pstmt.executeQuery ();
|
||||
int cid = Env.getAD_Client_ID(Env.getCtx());
|
||||
try {
|
||||
if (cid > 0) {
|
||||
// forced potential cross tenant read - requires System client in context
|
||||
Env.setContext(Env.getCtx(), Env.AD_CLIENT_ID, 0);
|
||||
}
|
||||
while (rs.next ())
|
||||
list.add (new MRole(Env.getCtx(), rs, get_TrxName()));
|
||||
} finally {
|
||||
if (cid > 0) {
|
||||
Env.setContext(Env.getCtx(), Env.AD_CLIENT_ID, cid);
|
||||
}
|
||||
}
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue