genericobject icon indicating copy to clipboard operation
genericobject copied to clipboard
verified publisher icon pluginsGLPI

Unauthorized Access to items via direct link in GenericObject Plugin

Open nerwack opened this issue 1 year ago • 0 comments

Code of Conduct

  • [x] I agree to follow this project's Code of Conduct

Is there an existing issue for this?

  • [x] I have searched the existing issues

GLPI Version

10.0.11

Plugin version

2.14.11

Bug description

In GLPI, we have added the GenericObject plugin and created an object called "Token." We then added items to this object. When you click a direct link, you see a message that says “You are not authorized to perform this operation” and a link that says “Return to previous page.” Clicking the “Return to Previous Page” link does not lead to the expected action.

Image

In such situations, it is expected that a message prompting the user to log in (with a corresponding button) should be displayed, or the user should be immediately redirected to the GLPI login page, similar to what happens when accessing https://example.com/front/computer.form.php.

Relevant log output

Page URL

No response

Steps To reproduce

  1. Install the GenericObject plugin in GLPI.

  2. Create an object called "Token."

Image

  1. Add items to the "Token" object.

  2. Logout.

  3. Attempt to access the equipment via a direct link.

For example: https://xxxxxx.xxx/marketplace/genericobject/front/object.form.php?itemtype=PluginGenericobjectToken&id=1

Your GLPI setup information

No response

Anything else?

No response

nerwack avatar Jan 31 '25 14:01 nerwack