1. Disable fleshing for PCRUD. Otherwise fleshing would provide a

back door whereby a user could see stuff he has no permission to see.

2. For the id_list method: strip out the "flesh_fields" entry, not
the "flesh_columns" entry (which doesn't exist).  This actually makes
no difference, but if we're going to do something useless, we might
as well do it right.

M    Open-ILS/src/c-apps/oils_sql.c

git-svn-id: svn://svn.open-ils.org/ILS/trunk@16747 dcc99617-32d9-48b4-a31d-7c20da2025e4

diff --git a/Open-ILS/src/c-apps/oils_sql.c b/Open-ILS/src/c-apps/oils_sql.c
index 56397e6..c4c90b6 100644 (file)
--- a/Open-ILS/src/c-apps/oils_sql.c
+++ b/Open-ILS/src/c-apps/oils_sql.c
@@ -1100,7 +1100,7 @@ int doIdList( osrfMethodContext* ctx ) {
                jsonObjectRemoveKey( rest_of_query, "select" );
                jsonObjectRemoveKey( rest_of_query, "no_i18n" );
                jsonObjectRemoveKey( rest_of_query, "flesh" );
-               jsonObjectRemoveKey( rest_of_query, "flesh_columns" );
+               jsonObjectRemoveKey( rest_of_query, "flesh_fields" );
        } else {
                rest_of_query = jsonNewObjectType( JSON_HASH );
        }
@@ -5225,8 +5225,10 @@ static jsonObject* doFieldmapperSearch( osrfMethodContext* ctx, osrfHash* class_
        dbi_result_free( result );
        free( sql );
 
-       // If we're asked to flesh, and there's anything to flesh, then flesh.
-       if( res_list->size && query_hash ) {
+       // If we're asked to flesh, and there's anything to flesh, then flesh it
+       // (but not for PCRUD, lest the user to bypass permissions by fleshing
+       // something that he has no permission to look at).
+       if( res_list->size && query_hash && ! enforce_pcrud ) {
                _tmp = jsonObjectGetKeyConst( query_hash, "flesh" );
                if( _tmp ) {
                        // Get the flesh depth