[NMS-9140] It is possible to perform alarms/notifications actions through the Acks ReST end point without permissions - The OpenNMS Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: 19.0.1
Fix Version/s: 19.1.0, 20.0.0, Meridian-2016.1.5
Component/s: REST
Security Level: Default (Default Security Scheme)
Labels:
None

Sprint:
Horizon - March 15th, Horizon - March 29th

Description

In order to acknowledge, unacknowledge, clear or escalate alarms (and something similar for ack/unack notifications), the user requires appropriate permissions.

In fact, the ReST end-points for alarms enforce this and return permission denied if the user cannot perform the action.

Unfortunately, this is not the case when someone perform the same goal through /acks (instead of /alarms).

Besides that, the user that appeared on the action is "admin", and not the actual user who requested the change.

Attachments

Activity

People

Assignee:: Dustin Frisch

Reporter:: Alejandro Galue

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 23/Feb/17 7:01 AM

Updated:: 03/Apr/17 9:05 PM

Resolved:: 03/Apr/17 5:05 PM

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.