This is an automated email from the ASF dual-hosted git repository.

jacopoc pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new ff1595ef23 Fixed: Enhance security by requiring authentication for 
WebSiteContactList operations
ff1595ef23 is described below

commit ff1595ef2398f32cb1d808688467252618e3ea8c
Author: Jacopo Cappellato <[email protected]>
AuthorDate: Wed Jun 3 11:31:17 2026 +0200

    Fixed: Enhance security by requiring authentication for WebSiteContactList 
operations
---
 applications/content/webapp/content/WEB-INF/controller.xml     | 6 +++---
 applications/marketing/servicedef/services.xml                 | 3 +++
 applications/marketing/webapp/marketing/WEB-INF/controller.xml | 6 +++---
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/applications/content/webapp/content/WEB-INF/controller.xml 
b/applications/content/webapp/content/WEB-INF/controller.xml
index bb31f4cf8d..c809c8b1b6 100644
--- a/applications/content/webapp/content/WEB-INF/controller.xml
+++ b/applications/content/webapp/content/WEB-INF/controller.xml
@@ -1756,19 +1756,19 @@ under the License.
         <response name="success" type="view" value="WebSiteContactList"/>
     </request-map>
     <request-map uri="createWebSiteContactList">
-        <security https="true" auth="false"/>
+        <security https="true" auth="true"/>
         <event type="service" invoke="createWebSiteContactList"/>
         <response name="success" type="view" value="WebSiteContactList"/>
         <response name="error" type="view" value="WebSiteContactList"/>
     </request-map>
     <request-map uri="updateWebSiteContactList">
-        <security https="true" auth="false"/>
+        <security https="true" auth="true"/>
         <event type="service" invoke="updateWebSiteContactList"/>
         <response name="success" type="view" value="WebSiteContactList"/>
         <response name="error" type="view" value="WebSiteContactList"/>
     </request-map>
     <request-map uri="deleteWebSiteContactList">
-        <security https="true" auth="false"/>
+        <security https="true" auth="true"/>
         <event type="service" invoke="deleteWebSiteContactList"/>
         <response name="success" type="view" value="WebSiteContactList"/>
         <response name="error" type="view" value="WebSiteContactList"/>
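Review bot: The three `request-map` entries changed here (and the identical three in `applications/marketing/webapp/marketing/WEB-INF/controller.xml`) now only establish that a session is logged in; the authorization decision comes from the `permission-service` that this commit attaches to the services. Assuming these event names resolve to the marketing service definitions changed in the same commit, a logged-in user of the content webapp who lacks whatever permission `marketingPermissionService` checks will now land on the `error` response. If that is intended, a comment above the first entry would record it, e.g. `<!-- invokes marketing services; authorization is enforced by marketingPermissionService on the service definitions -->`. The request-map whose closing tag opens this hunk starts outside the visible lines, so its `security` element should be checked separately for the same `auth` setting, as should any other controller that maps these three services.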
diff --git a/applications/marketing/servicedef/services.xml 
b/applications/marketing/servicedef/services.xml
index c6c020888e..87012ca1e9 100644
--- a/applications/marketing/servicedef/services.xml
+++ b/applications/marketing/servicedef/services.xml
@@ -296,16 +296,19 @@ under the License.
     <!-- WebSiteContactList services -->
     <service name="createWebSiteContactList" engine="simple" 
default-entity-name="WebSiteContactList"
         
location="component://marketing/minilang/marketing/contact/ContactListServices.xml"
 invoke="createWebSiteContactList">
+        <permission-service service-name="marketingPermissionService" 
main-action="CREATE"/>
         <auto-attributes mode="IN" include="pk" optional="false"/>
         <auto-attributes mode="IN" include="nonpk" optional="true"/>
     </service>
     <service name="updateWebSiteContactList" engine="simple" 
default-entity-name="WebSiteContactList"
         
location="component://marketing/minilang/marketing/contact/ContactListServices.xml"
 invoke="updateWebSiteContactList">
+        <permission-service service-name="marketingPermissionService" 
main-action="UPDATE"/>
         <auto-attributes mode="IN" include="pk" optional="false"/>
         <auto-attributes mode="IN" include="nonpk" optional="true"/>
     </service>
     <service name="deleteWebSiteContactList" engine="simple" 
default-entity-name="WebSiteContactList"
         
location="component://marketing/minilang/marketing/contact/ContactListServices.xml"
 invoke="deleteWebSiteContactList">
+        <permission-service service-name="marketingPermissionService" 
main-action="DELETE"/>
         <auto-attributes mode="IN" include="pk" optional="false"/>
     </service>
     
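Review bot: The three `<service>` start tags shown as context still carry no `auth` attribute, so, assuming the OFBiz service default of `auth="false"`, the login requirement exists only in the two controllers, and a call with no `userLogin` is rejected only if `marketingPermissionService` rejects it. Adding `auth="true"` to each of the three start tags would make the service engine refuse unauthenticated callers whatever the entry point, rather than depending on every request-map being configured correctly. `marketingPermissionService` is defined outside this hunk; confirm that it exists in this component and that it maps `CREATE`, `UPDATE` and `DELETE` to the intended marketing permission. A test that calls each service without a user login and expects a failure would keep this from regressing.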
diff --git a/applications/marketing/webapp/marketing/WEB-INF/controller.xml 
b/applications/marketing/webapp/marketing/WEB-INF/controller.xml
index 0293dea377..7ea53b7d84 100644
--- a/applications/marketing/webapp/marketing/WEB-INF/controller.xml
+++ b/applications/marketing/webapp/marketing/WEB-INF/controller.xml
@@ -315,19 +315,19 @@ under the License.
         <response name="success" type="view" value="WebSiteContactList"/>
     </request-map>
     <request-map uri="createWebSiteContactList">
-        <security https="true" auth="false"/>
+        <security https="true" auth="true"/>
         <event type="service" invoke="createWebSiteContactList"/>
         <response name="success" type="view" value="WebSiteContactList"/>
         <response name="error" type="view" value="WebSiteContactList"/>
     </request-map>
     <request-map uri="updateWebSiteContactList">
-        <security https="true" auth="false"/>
+        <security https="true" auth="true"/>
         <event type="service" invoke="updateWebSiteContactList"/>
         <response name="success" type="view" value="WebSiteContactList"/>
         <response name="error" type="view" value="WebSiteContactList"/>
     </request-map>
     <request-map uri="deleteWebSiteContactList">
-        <security https="true" auth="false"/>
+        <security https="true" auth="true"/>
         <event type="service" invoke="deleteWebSiteContactList"/>
         <response name="success" type="view" value="WebSiteContactList"/>
         <response name="error" type="view" value="WebSiteContactList"/>
