882946 – if "filter: ..." header is set, use query instead of search to list items

Bug 882946 - if "filter: ..." header is set, use query instead of search to list items

Summary: if "filter: ..." header is set, use query instead of search to list items

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine-restapi
Sub Component:
Version:	3.1.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	3.1.5
Assignee:	Ravi Nori
QA Contact:	Ondra Machacek
Docs Contact:
URL:
Whiteboard:	infra
Depends On:	869334
Blocks:
TreeView+	depends on / blocked

Reported:	2012-12-03 12:47 UTC by Idith Tal-Kohen
Modified:	2016-02-10 19:25 UTC (History)
CC List:	14 users (show)
Fixed In Version:	SI27
Doc Type:	Bug Fix
Doc Text:	Previously, if the filter heading was specified in an API query by a user, the results would include insufficient permission exceptions for objects denied to the user. Now, the query is limited to the user's permissions and returns only objects for which the user has permissions.
Clone Of:	869334
Environment:
Last Closed:	2013-05-23 08:56:53 UTC
oVirt Team:	Infra
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
oVirt gerrit	12088	0	None	None	None	Never
oVirt gerrit	14257	0	None	None	None	Never

Comment 2 Ondra Machacek 2013-02-13 15:40:25 UTC

Does not work, when non admin user have permissions on vmpool and try to access /vmpools url, response is "query execution failed due to insufficient permissions."

To reproduce:
1) Create vmpool
2) Add UserRole permissions on vmpool.
3) As user check /vmpools url.

Comment 7 Ravi Nori 2013-04-25 20:11:43 UTC

From what I understand user should have access to /api/groups and /api/groups/{id}

Comment 9 Ravi Nori 2013-04-26 12:44:17 UTC

(In reply to comment #7)
> From what I understand user should have access to /api/groups and
> /api/groups/{id}

the above should read user should not have access to /api/groups and /api/groups/{id}

Note You need to log in before you can comment on or make changes to this bug.