Bug 1376641 - Tweaks to the dependent products RPC interface.
Summary: Tweaks to the dependent products RPC interface.
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Bugzilla
Classification: Community
Component: WebService
Version: 5.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified vote
Target Milestone: 5.0
Assignee: Matt Tyson 🤬
QA Contact: tools-bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-09-16 03:03 UTC by Matt Tyson 🤬
Modified: 2018-12-09 06:29 UTC (History)
3 users (show)

Fixed In Version: 5.0.3-rh8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-10-11 01:04:26 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Matt Tyson 🤬 2016-09-16 03:03:12 UTC 
This is to tweak the Dependent Products RPC interface.

- Filter out products that the user is not allowed to see.

Users shouldn't be able to view, add or remove products they are not allowed to see.

- Open up DependentProducts.get to public users.

DependentProducts.get is needed to determine the list of products that can be entered as valid dependent products.  This RPC call should return a list of products that the user is allowed to see.

It should only return the manager contact email addresses if you are in the 'editcomponents' group.
Comment 1 Rony Gong 🔥 2016-10-10 07:37:12 UTC 
Tested on QA environment(5.0.3-rh8)
Result: Pass
Steps:
1.public user couldn't get the unaccessable products by DependentProducts.get
2.none 'editcomponents' user couldn't get the manager contact email addresses
3.none 'editcomponents' user couldn't update DependentProducts
Note You need to log in before you can comment on or make changes to this bug.