From e08e3feec4b329bd249f595ba807c9fbae3c282d Mon Sep 17 00:00:00 2001 From: Jannik Schönartz Date: Tue, 26 Feb 2019 07:23:12 +0000 Subject: [permissionmanager] Fix security bug: Code was executed weather the user had the permission or not --- webapp/src/components/PermissionModuleEdit.vue | 2 +- webapp/src/components/PermissionModuleGrantRevoke.vue | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'webapp') diff --git a/webapp/src/components/PermissionModuleEdit.vue b/webapp/src/components/PermissionModuleEdit.vue index 70c61f4..c026f54 100644 --- a/webapp/src/components/PermissionModuleEdit.vue +++ b/webapp/src/components/PermissionModuleEdit.vue @@ -272,7 +272,7 @@ export default { groups: filteredGroups, blacklist: filteredBlacklist }).then(response => { - this.$snackbar({ color: 'success', text: this.$t('roleSavedSuccess'), timeout: 15000 }) + this.$snackbar({ color: 'success', text: this.$t('roleSavedSuccess') }) this.$store.dispatch('permissions/loadRoleData') this.$store.commit('permissions/setEdit', false) }).catch(error => { diff --git a/webapp/src/components/PermissionModuleGrantRevoke.vue b/webapp/src/components/PermissionModuleGrantRevoke.vue index 81afece..a137ea1 100644 --- a/webapp/src/components/PermissionModuleGrantRevoke.vue +++ b/webapp/src/components/PermissionModuleGrantRevoke.vue @@ -147,9 +147,9 @@ export default { await this.$http.post('/api/users/' + this.selectedUsers[i].id + '/roles' + (this.grant ? '' : '/?delete'), { ids: roleIds }) } if (this.grant) { - this.$snackbar({ color: 'success', text: this.$t('roleGrantedSuccess'), timeout: 15000 }) + this.$snackbar({ color: 'success', text: this.$t('roleGrantedSuccess') }) } else { - this.$snackbar({ color: 'success', text: this.$t('roleRevokedSuccess'), timeout: 15000 }) + this.$snackbar({ color: 'success', text: this.$t('roleRevokedSuccess') }) } this.$store.dispatch('permissions/loadUserData') this.$store.commit('permissions/setGrantRevoke', false) -- cgit v1.2.3-55-g7522