-
Notifications
You must be signed in to change notification settings - Fork 521
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TRUNK-6203: Global properties access should be privileged #608
Conversation
@@ -210,8 +211,16 @@ public static boolean ipMatches(String ip, List<String> candidateIps) { | |||
* @return the list of IPs | |||
*/ | |||
public static List<String> getAllowedIps() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this called before login?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is called before accessing the O3 login page.
String allowedIpsProperty = ""; | ||
try { | ||
Context.addProxyPrivilege("Get Global Properties"); | ||
allowedIpsProperty = Context.getAdministrationService() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you just pass allowedIpsProperty
as the second argument.
.getGlobalProperty(RestConstants.ALLOWED_IPS_GLOBAL_PROPERTY_NAME, ""); | ||
String allowedIpsProperty = ""; | ||
try { | ||
Context.addProxyPrivilege("Get Global Properties"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why not use PrivilegeConstants
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PrivilegeConstants.GET_GLOBAL_PROPERTIES
is not available in the platform version that this module uses
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Which version is it?
@dkayiwa I updated this PR. |
Description of what I changed
After openmrs/openmrs-core#4601, users must possess the 'Get Global Properties' privilege to access global properties. This grants it as a proxy privilege so users can access essential pages, such as the login page.
Issue I worked on
see https://openmrs.atlassian.net/browse/TRUNK-6203
Checklist: I completed these to help reviewers :)
My IDE is configured to follow the code style of this project.
No? Unsure? -> configure your IDE, format the code and add the changes with
git add . && git commit --amend
I have added tests to cover my changes. (If you refactored
existing code that was well tested you do not have to add tests)
No? -> write tests and add them to this commit
git add . && git commit --amend
I ran
mvn clean package
right before creating this pull request andadded all formatting changes to my commit.
No? -> execute above command
All new and existing tests passed.
No? -> figure out why and add the fix to your commit. It is your responsibility to make sure your code works.
My pull request is based on the latest changes of the master branch.
No? Unsure? -> execute command
git pull --rebase upstream master