Jump to content
Changes to the Jaspersoft community edition download ×

iReport Plugin for JasperIntelligence-bug?


Grazy Mos

Recommended Posts

I really got some serious doubt about the safety of jasperintelligence, for the sake of testing i installed a clean version of jasperintelligence, ireport with the plugin.

 

 

When I created a reportunit in jasperintelligence I could see it and run it in ireport. But when i was trying to delete the unit or any other random folder it did it without a warning/error. I also was able to add new reportunit.

 

 

If i was logged as a administrator it would be fine but i was logged in at ireports as a USER! As far as i am aware users couldnt do this in jasperintelligence. So is this a bug? or am i missing something?

 

Thanks in advance,

 

Niels

Post edited by: Grazy Mos, at: 2006/11/22 14:16

Link to comment
Share on other sites

  • Replies 7
  • Created
  • Last Reply

Top Posters In This Topic

Update

 

After reinstalling iReports and jasperintelligence it several times it, the ireportplugin still has more rights then i should have.

 

 

I also tested the ireport plugin on a "clean" pc, same problem. I supspect that my jasperIntelligence doesnt handle the roles correctly. Or that some kind of admin cookie is stored within jasperIntelligence

 

 

I would really want to know if the same problems happen on other jasperIntelligence machines, If someone could test it out and give me the results,

 

 

Thanks,

 

Niels

Link to comment
Share on other sites

Thank you, please note thats the bug is probably not only on the plugin side, but more likely in the security settings of jasperintelligence.

 

Even if the plugin request a create/edit/delete action to jasperintelligence he should refuse it, when logged in as a user.

Link to comment
Share on other sites

  • 2 weeks later...

Hi Grazy

 

I'm writing some Unit tests to check all the permission checks in the webservices. I think the problem is related to a missing check of the permission level in the Webservice code. In other words if you can access a resource, the ws let you do what you want. Anyway, I'm not yet sure about that. I'll let you know soon.

 

Giulio

Link to comment
Share on other sites

  • 1 month later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...