[Engine-patches] Change in ovirt-engine[master]: restapi : Non admin user have access to /hosts url (#909692)

Tue, 12 Feb 2013 00:41:08 -0800 

Michael Pasternak has posted comments on this change.

Change subject: restapi : Non admin user have access to /hosts url (#909692)
......................................................................


Patch Set 1: I would prefer that you didn't submit this

(2 inline comments)

....................................................
File 
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java
Line 33:     GetAllSiblingVlanInterfaces,
Line 34:     GetVlanParent,
Line 35:     GetVdsHooksById,
Line 36:     GetVdsHooksById2,
Line 37:     GetAllHosts,
please do the same for GetVdsByVdsId
Line 38:     GetHostsByClusterId(VdcQueryAuthType.User),
Line 39:     IsDisplayAddressConsistentInCluster,
Line 40:     GetAllVdsByStoragePool(VdcQueryAuthType.User),
Line 41: 


....................................................
File 
backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/BackendHostsResource.java
Line 44:     @Override
Line 45:     public Hosts list() {
Line 46:         // Filtered users are not allowed to view hosts
Line 47:         if (isFiltered()) {
Line 48:             throw new 
WebApplicationException(Response.Status.FORBIDDEN);
1. this error is not needed as you removed (VdcQueryAuthType.User) from 
GetAllHosts query

2. please also remove this exception from BackendHostResource.get() after you
make GetVdsByVdsId admin-only as well

thanks.
Line 49:         }
Line 50:         ApplicationMode appMode = 
getCurrent().get(ApplicationMode.class);
Line 51:         if (appMode == ApplicationMode.GlusterOnly)
Line 52:         {


--
To view, visit http://gerrit.ovirt.org/11933
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I496a9560d462156944c3aa23b61d2b6d587d1700
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Ravi Nori <[email protected]>
Gerrit-Reviewer: Michael Pasternak <[email protected]>
Gerrit-Reviewer: Ravi Nori <[email protected]>
Gerrit-Reviewer: Yair Zaslavsky <[email protected]>
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches

Reply via email to