Bug 882946 - if "filter: ..." header is set, use query instead of search to list items
if "filter: ..." header is set, use query instead of search to list items
Status: CLOSED NEXTRELEASE
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-restapi (Show other bugs)
3.1.1
Unspecified Unspecified
unspecified Severity medium
: ---
: 3.1.5
Assigned To: Ravi Nori
Ondra Machacek
infra
: Reopened, ZStream
Depends On: 869334
Blocks:
  Show dependency treegraph
 
Reported: 2012-12-03 07:47 EST by Idith Tal-Kohen
Modified: 2016-02-10 14:25 EST (History)
14 users (show)

See Also:
Fixed In Version: SI27
Doc Type: Bug Fix
Doc Text:
Previously, if the filter heading was specified in an API query by a user, the results would include insufficient permission exceptions for objects denied to the user. Now, the query is limited to the user's permissions and returns only objects for which the user has permissions.
Story Points: ---
Clone Of: 869334
Environment:
Last Closed: 2013-05-23 04:56:53 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
oVirt gerrit 12088 None None None Never
oVirt gerrit 14257 None None None Never

  None (edit)
Comment 2 Ondra Machacek 2013-02-13 10:40:25 EST
Does not work, when non admin user have permissions on vmpool and try to access /vmpools url, response is "query execution failed due to insufficient permissions."

To reproduce:
1) Create vmpool
2) Add UserRole permissions on vmpool.
3) As user check /vmpools url.
Comment 7 Ravi Nori 2013-04-25 16:11:43 EDT
From what I understand user should have access to /api/groups and /api/groups/{id}
Comment 9 Ravi Nori 2013-04-26 08:44:17 EDT
(In reply to comment #7)
> From what I understand user should have access to /api/groups and
> /api/groups/{id}

the above should read user should not have access to /api/groups and /api/groups/{id}

Note You need to log in before you can comment on or make changes to this bug.