Message 77956

Author
ced
Date
2022-09-09.12:50:59
Message id
77956

Content

When defining create and delete access on xxx2Many fields, they are just followed by the clients (disabling buttons). But we could also enforce them on the server side of the field. For now only read and write accesses are enforced by ModelStorage.
This is not really a security issue because without a direct access restriction on the target model, it is still possible to call directly the ModelStorage.create and ModelStorage.delete on the target.
But for consistency it will be good to enforce it on the server side.

History
Date User Action Args
2022-09-09 12:50:59cedsetmessageid: <1662720659.5336027.W6TSNYJNR4NBAAMH.issue11693@tryton.org>
2022-09-09 12:50:59cedlinkissue11693 messages
2022-09-09 12:50:59cedcreate

Showing 10 items. Show all history (warning: this could be VERY long)