[jira] [Commented] (CLOUDSTACK-6508) impossible to list projects from API with domainid set

Thu, 21 Aug 2014 07:01:12 -0700 

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-6508?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14105382#comment-14105382
 ] 

ASF subversion and git services commented on CLOUDSTACK-6508:
-------------------------------------------------------------

Commit 6e20058fb7fd482b4bbcd30f3c78aaa59c6c09d3 in cloudstack's branch 
refs/heads/4.4 from [~saksham]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=6e20058 ]

CLOUDSTACK-6508: impossible to list projects from API with domainid set

(cherry picked from commit 19b72d6cf57665fc3935fdd7f7e9dad9117f0616)
Signed-off-by: Rohit Yadav <[email protected]>


> impossible to list projects from API with domainid set
> ------------------------------------------------------
>
>                 Key: CLOUDSTACK-6508
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6508
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: API
>    Affects Versions: 4.2.1, 4.3.0
>            Reporter: ivan derbenev
>            Assignee: Saksham Srivastava
>              Labels: S1
>
> Hello, it's my first issue ever, so sorry if i made smth wrong.
> Today we was trying to setup jCloud module for jenkins, and stuck with error.
> it throws GET request:
> /client/api/?response=json&command=listProjects&listAll=true&account=jenkins&domainid=%domainid%&apiKey=%apikey%&signature=%sig%
> and returns error:
> Can't list domain id= 1 projects; unauthorized
> i have only one ROOT domain, and this user belongs to this domain
> if i go into cloudmonkey and call:
> list projects listall=true account=jenkins domainid=%domainid%
> it throws error too. If i don't use "domainid" attribute, query works properly
> if i call any other api function with "domainid" attribute, query works 
> properly
> i looked into cloudstack sources and found this function:
> https://github.com/apache/cloudstack/blob/master/server/src/com/cloud/api/query/QueryManagerImpl.java
> listProjectsInternal function
> line 1309
>  if (domainId != null && domainId.equals(caller.getDomainId())) {
>                 throw new PermissionDeniedException("Can't list domain id= " 
> + domainId + " projects; unauthorized");
>             }
> so if i understand it well it check whether i provide a domainid and if user 
> belongs to domain with this domainid it throws exception
> I don't think this is how this API function should work.
> Am i mistaken anywhere or this is really a bug?



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to