[jira] [Updated] (TC-533) GET /api/$version/deliveryservices/xmlId/#xmlid/sslkeys needs to have tenancy check in place

Wed, 16 Aug 2017 11:50:33 -0700 

     [ 
https://issues.apache.org/jira/browse/TC-533?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jeremy Mitchell updated TC-533:
-------------------------------
    Description: 
Tenancy was introduced in 2.1, however, by default it is turned off via the 
use_tenancy parameter but when activated it is used to limit the scope of 
delivery services that a user can act on.

The following APIs needs to check tenancy to ensure users cannot act on ds's 
that they don't have access to.

get("/api/$version/deliveryservices/xmlId/#xmlid/sslkeys
post("/api/$version/deliveryservices/sslkeys/generate
post("/api/$version/deliveryservices/sslkeys/add
get("/api/$version/deliveryservices/xmlId/:xmlid/sslkeys/delete

  was:
Tenancy was introduced in 2.1, however, by default it is turned off via the 
use_tenancy parameter but when activated it is used to limit the scope of 
delivery services that a user can act on.

GET /api/$version/deliveryservices/xmlId/#xmlid/sslkeys needs to check tenancy 
to ensure users cannot view ds info of ds's that they don't have access to.


> GET /api/$version/deliveryservices/xmlId/#xmlid/sslkeys needs to have tenancy 
> check in place
> --------------------------------------------------------------------------------------------
>
>                 Key: TC-533
>                 URL: https://issues.apache.org/jira/browse/TC-533
>             Project: Traffic Control
>          Issue Type: Bug
>          Components: Traffic Ops API
>    Affects Versions: 2.1.0
>            Reporter: Jeremy Mitchell
>            Assignee: Nir Sopher
>
> Tenancy was introduced in 2.1, however, by default it is turned off via the 
> use_tenancy parameter but when activated it is used to limit the scope of 
> delivery services that a user can act on.
> The following APIs needs to check tenancy to ensure users cannot act on ds's 
> that they don't have access to.
> get("/api/$version/deliveryservices/xmlId/#xmlid/sslkeys
> post("/api/$version/deliveryservices/sslkeys/generate
> post("/api/$version/deliveryservices/sslkeys/add
> get("/api/$version/deliveryservices/xmlId/:xmlid/sslkeys/delete



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to