版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/i042416/article/details/86768002
The current handling on authorization check result is: if checks is successful, navigate to edit page, or else display error message.
And any end user who is able to use Chrome development tool can manually change the ActionSuccessful to ‘X’ even if he didn’t have enough authorization in the backend.
So is this authorization check really necessary since it could somehow be bypassed. What if an unauthorized user has circumvented this check and continuously executed the code of opportunity save? Is there any authorization check embedded in CRM_ORDER_MAINTAIN?
要获取更多Jerry的原创文章,请关注公众号"汪子熙":
