Bug 882946

Summary: if "filter: ..." header is set, use query instead of search to list items
Product: Red Hat Enterprise Virtualization Manager Reporter: Idith Tal-Kohen <italkohe>
Component: ovirt-engine-restapiAssignee: Ravi Nori <rnori>
Status: CLOSED NEXTRELEASE QA Contact: Ondra Machacek <omachace>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.1.1CC: aburden, bazulay, cpelland, djasa, dyasny, ecohen, iheim, mpastern, omachace, oramraz, Rhev-m-bugs, rnori, sgrinber, ykaul
Target Milestone: ---Keywords: Reopened, ZStream
Target Release: 3.1.5   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: infra
Fixed In Version: SI27 Doc Type: Bug Fix
Doc Text:
Previously, if the filter heading was specified in an API query by a user, the results would include insufficient permission exceptions for objects denied to the user. Now, the query is limited to the user's permissions and returns only objects for which the user has permissions.
 Story Points: ---
Clone Of: 869334 Environment:
Last Closed: 2013-05-23 08:56:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 869334    
Bug Blocks:    

Comment 2 Ondra Machacek 2013-02-13 15:40:25 UTC 
Does not work, when non admin user have permissions on vmpool and try to access /vmpools url, response is "query execution failed due to insufficient permissions."

To reproduce:
1) Create vmpool
2) Add UserRole permissions on vmpool.
3) As user check /vmpools url.
Comment 7 Ravi Nori 2013-04-25 20:11:43 UTC 
From what I understand user should have access to /api/groups and /api/groups/{id}
Comment 9 Ravi Nori 2013-04-26 12:44:17 UTC 
(In reply to comment #7)
> From what I understand user should have access to /api/groups and
> /api/groups/{id}

the above should read user should not have access to /api/groups and /api/groups/{id}