Bug 867547 - rest api returns 400 code on insufficient permissions (403 should be returned)
rest api returns 400 code on insufficient permissions (403 should be returned)
Status: CLOSED DUPLICATE of bug 755579
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-restapi (Show other bugs)
3.1.0
Unspecified Unspecified
unspecified Severity low
: ---
: ---
Assigned To: Michael Pasternak
Oded Ramraz
infra
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-10-17 12:50 EDT by David Jaša
Modified: 2016-02-10 14:05 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-10-18 03:55:02 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Jaša 2012-10-17 12:50:27 EDT
Description of problem:
rest api returns 400 code on insufficient permissions (403 should be returned)

I've encountered it at accessing of /api/vms as a non-admin user without "filter: true" set but it may be present elsewhere as well.

Version-Release number of selected component (if applicable):
si19.1 / 3.1-18

How reproducible:
always

Steps to Reproduce:
1. as a user with no admin role, access /api/vms without "filter: true" header set:
$ curl -D - ... \
     -X GET https://rhevm.example.com/api/vms
2.
3.
  
Actual results:
HTTP/1.1 400 Bad Request
Date: Wed, 17 Oct 2012 16:45:09 GMT
Content-Type: application/xml
Content-Length: 188
Connection: close

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<fault>
    <reason>Operation Failed</reason>
    <detail>query execution failed due to insufficient permissions.</detail>
</fault>

Expected results:
you'll get HTTP/1.1 403 Forbidden

Additional info:
Comment 1 Michael Pasternak 2012-10-18 03:53:53 EDT
this issue was raised some time ago, and will be possible only after 
[1] is implemented.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=755575
Comment 2 Michael Pasternak 2012-10-18 03:55:02 EDT

*** This bug has been marked as a duplicate of bug 755579 ***

Note You need to log in before you can comment on or make changes to this bug.