Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-9140

It is possible to perform alarms/notifications actions through the Acks ReST end point without permissions

          Details

          • Type: Bug
          • Status: Resolved (View Workflow)
          • Priority: Blocker
          • Resolution: Fixed
          • Affects Version/s: 19.0.1
          • Fix Version/s: 19.1.0, 20.0.0, Meridian-2016.1.5
          • Component/s: REST
          • Security Level: Default (Default Security Scheme)
          • Labels:
            None
          • Sprint:
            Horizon - March 15th, Horizon - March 29th

            Description

            In order to acknowledge, unacknowledge, clear or escalate alarms (and something similar for ack/unack notifications), the user requires appropriate permissions.

            In fact, the ReST end-points for alarms enforce this and return permission denied if the user cannot perform the action.

            Unfortunately, this is not the case when someone perform the same goal through /acks (instead of /alarms).

            Besides that, the user that appeared on the action is "admin", and not the actual user who requested the change.

              Attachments

                Activity

                  People

                  • Assignee:
                    fooker Dustin Frisch
                    Reporter:
                    agalue Alejandro Galue
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    2 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: