Hello,
I am currently testing Doliwoo (a great stuff) and have just lost many
times to finally discover that my problem was that the webservice user
did not have permission to read thirdparties (a good thing i think).
But... the webservice can create thirdparties or orders without having
permissions !!!
I checked the code server_thirdparty.php and effectively, permission
checking exists on fetching or deleting thirdparty but not on creating
or updating...
Before i make a pull request or create an issue i would like to be sure
if the "normal" behaviour would be to always check user permissions (i
think so) or not, or if there is a reason for this lack of permission
check in some cases ?
Best regards
---------------------------------------
/Christophe Battarel
Responsable technique Altairis/
+33 (0)9 52 71 70 96
Altairis <http://www.altairis.fr> - Blog <http://www.altairis.fr/blog> -
Modules Dolibarr <http://www.altairis.fr/modules> - Twitter
<https://www.twitter.com/altairis_fr>
Financez vos projets avec Dolipro <http://www.dolipro.org>
_______________________________________________
Dolibarr-dev mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/dolibarr-dev
