
TestHarness servlet should only be accessible to "Super Admin" role #310

Closed
iperdomo opened this issue Jul 23, 2013 · 3 comments
Comments

@iperdomo
Contributor

The TestHarness servlet is now available to any authenticated user. This servlet contains potentially harmful actions (e.g. deleting data). Therefore it needs to be accessible to the Super Admin role.

Steps to reproduce:

  • Login with a user that only has USER role and access the test harness URL: http://host/webapp/testharness
  • Use the known commands to trigger an action, e.g. rebuildQuestionSumaries

Expected result:

  • The user should get a 403 access denied page

Current result:

  • A user can trigger any action
@ghost ghost assigned iperdomo Jul 23, 2013
iperdomo added a commit that referenced this issue Jul 23, 2013
* The calls to /webapp/testharness are now secured and
  the user requires `SUPER_ADMIN` role
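As an added illustration of the fix described in the commit above (example code written for this page, not the project's own servlet or security configuration): a Python model of a deny-by-default, path-level role check that runs before any harness action is dispatched, so every action under the path is covered rather than each action being checked on its own. The role names USER, ADMIN and SUPER_ADMIN follow the thread; the request shape, the 401 for unauthenticated callers, the action name `rebuildQuestionSummaries` and the trailing-slash and query-string handling in `normalize_path` are assumptions.

```python
# Added example (not the project's servlet): a deny-by-default, path-level
# role check that runs before any harness action is dispatched. Role names
# follow the issue thread; everything else here is an assumption.
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set
from urllib.parse import parse_qsl, urlsplit

ROLE_USER = "USER"
ROLE_ADMIN = "ADMIN"
ROLE_SUPER_ADMIN = "SUPER_ADMIN"

# Every gated path lists the roles allowed to reach it. Gating the whole
# /webapp/testharness path means no harness action is reachable without
# the role, including actions added later.
PROTECTED_PATHS: Dict[str, Set[str]] = {
    "/webapp/testharness": {ROLE_SUPER_ADMIN},
}


@dataclass
class Request:
    url: str
    user: Optional[str]                  # None when unauthenticated (assumed)
    roles: Set[str] = field(default_factory=set)


@dataclass
class Response:
    status: int
    body: str


def rebuild_question_summaries() -> str:
    # Hypothetical stand-in for a data-mutating harness action.
    return "rebuilt question summaries"


ACTIONS: Dict[str, Callable[[], str]] = {
    "rebuildQuestionSummaries": rebuild_question_summaries,
}


def normalize_path(url: str) -> str:
    """Reduce a URL to the path the access rule is matched on: drop query
    and fragment, trailing slashes, and case (conservative: a broader match
    can only deny more requests, never fewer)."""
    path = urlsplit(url).path.lower()
    while len(path) > 1 and path.endswith("/"):
        path = path[:-1]
    return path


def authorize(req: Request) -> Optional[Response]:
    """Return an error response if the request may not proceed, else None."""
    path = normalize_path(req.url)
    for protected, allowed in PROTECTED_PATHS.items():
        if path == protected or path.startswith(protected + "/"):
            if req.user is None:
                return Response(401, "Authentication required")
            if not (req.roles & allowed):
                return Response(403, "Error: Access is denied")
    return None


def handle_testharness(req: Request) -> Response:
    """Dispatch a harness action only after the role check has passed."""
    denied = authorize(req)
    if denied is not None:
        return denied
    params = dict(parse_qsl(urlsplit(req.url).query))
    action = ACTIONS.get(params.get("action", ""))
    if action is None:
        return Response(400, "Unknown action")
    return Response(200, action())


if __name__ == "__main__":
    url = "http://host/webapp/testharness?action=rebuildQuestionSummaries"
    for who, roles in [("user", {ROLE_USER}), ("root", {ROLE_SUPER_ADMIN})]:
        resp = handle_testharness(Request(url, who, roles))
        print(who, resp.status, resp.body)
```

The check is keyed on the path, not on the action parameter, which is the property the commit message describes: a USER or ADMIN hitting the URL with any action, with or without a trailing slash, gets the 403 the issue asks for, and only a caller holding SUPER_ADMIN reaches the dispatch table.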
@mtwestra
Contributor

Code reviewed and correct.

@caetie caetie reopened this Jul 30, 2013
@mtwestra
Contributor

needs functionality testing

@caetie
Contributor

caetie commented Jul 30, 2013

Testing steps:

  1. Log in to dashboard as User or Admin
  2. Paste testharness into URL field

Expected:
see 403 - Error: Access is denied

Actual:
PASS (testing as User)

@caetie caetie closed this as completed Jul 30, 2013