----- Original Message ----- > From: "Itamar Heim" <[email protected]> > To: "Brian Vetter" <[email protected]> > Cc: [email protected] > Sent: Tuesday, October 2, 2012 3:15:34 AM > Subject: Re: [Users] Authentication for REST APIs? > > On 10/02/2012 06:28 AM, Brian Vetter wrote: > > I've done two different things. First, I associated one of my > > groups in my directory with being a VMUser which gave members > > access to a particular VM. If I login with one of those users via > > the User portal, I can see their VM (or VMs if I do more than > > one). If I use the REST API (or ovirt-shell) using this user's > > account and password, I get an unauthorized error. > > > > Similarly, I have another group that is assigned the DomainManager > > role. If I add this other user to that group, when I login with > > that user via the user portal, I see the advanced portal. If I use > > the REST-API (using curl) or ovirt-shell and use the user's login > > information, I now am authorized and see a list of VMs returned as > > XML (in the case of curl). > > > > That said, I see all VMs in the system, not just the one assigned > > to the user that logged in. So this makes me think that either the > > REST API for getting the APIs as suggested by the article is an > > administrative API and there is either (a) a different rest > > API/uri that returns the logged in user's vms (the list that would > > be returned to the portal) or (b) no way to get a particular > > user's list of VMs authenticated as the user. > > you need to specify to the api you want to view things in "user mode" > via the filter header. > Example: > curl -X GET -H "Filter: true" -u user@domain:password > http://[servername]:PORT/api/vms
Yes, and if using the SDK set filter=true when calling the API constructor (is there a reason filtered isn't the default? Wouldn't this suit both uses - admin/non-admin - better?). Steve _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
