restricted config parameter available for normal users

  • papermoon
    Junior Member
    • Dec 2021
    • 24

    #1

    restricted config parameter available for normal users

    Not sure what you think about it, I just found it out by mistake. But I will mention it anyway. EspoCRM 9.1.7

    I defined a new config parameter with level admin in config.json

    HTML Code:
    {
      "params": {
        "blablabla": {
          "level": "admin"
        }
      }
    }
    I will skip the rest of the configuration, basically this works fine. So as Administrator I can define my parameter value. Now when I log in as a normal user, this parameter is not available in this.getConfig().attributes.blablabla. But when I log in as Administrator, then log out and in the same tab log in as a normal user again, the parameter is still available.

    Andre
  • yuri
    Member
    • Mar 2014
    • 9095

    #2
    Likely, the config model data is not erased on logout. I'll look into it. Not a big deal from the security point of view though.
    If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.
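
The behaviour discussed in this thread, as an added example that is not EspoCRM's code and not from either poster: a client-side config model that merges each fetched config into its existing attributes keeps an admin-only key after logout in the same tab, even though the server never sends that key to the normal user, and clearing the model on logout removes it. `ConfigModel`, `App`, `serverConfigFor`, `visibleToUserAfterAdminSession` and the stored values are hypothetical names and constructed data; only the `blablabla` parameter and its `admin` level come from the post.

```javascript
// Minimal stand-in for a client-side config model (hypothetical, not EspoCRM source).
class ConfigModel {
  constructor() { this.attributes = {}; }
  // Merges fetched values into the existing attributes; nothing is ever dropped.
  set(values) { Object.assign(this.attributes, values); }
  clear() { this.attributes = {}; }
}

// Constructed server side: params with level "admin" are sent to admins only.
const PARAM_LEVELS = { blablabla: 'admin' };
const STORED = { blablabla: 'constructed-admin-value', language: 'en_US' };

function serverConfigFor(user) {
  const out = {};
  for (const [name, value] of Object.entries(STORED)) {
    if (PARAM_LEVELS[name] === 'admin' && !user.isAdmin) continue;
    out[name] = value;
  }
  return out;
}

// One browser tab: the same model instance survives logout and the next login.
class App {
  constructor({ clearOnLogout }) {
    this.config = new ConfigModel();
    this.clearOnLogout = clearOnLogout;
  }
  login(user) { this.config.set(serverConfigFor(user)); }
  logout() { if (this.clearOnLogout) this.config.clear(); }
}

// Admin logs in and out, then a normal user logs in within the same tab.
// Returns the config keys the normal user's session can read.
function visibleToUserAfterAdminSession(clearOnLogout) {
  const app = new App({ clearOnLogout });
  app.login({ name: 'admin', isAdmin: true });
  app.logout();
  app.login({ name: 'user', isAdmin: false });
  return Object.keys(app.config.attributes).sort();
}

console.log(visibleToUserAfterAdminSession(false)); // admin-only key still present
console.log(visibleToUserAfterAdminSession(true));  // only what the server sent
```
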
