Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-9140

It is possible to perform alarms/notifications actions through the Acks ReST end point without permissions

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 19.0.1
    • Fix Version/s: 19.1.0, 20.0.0, Meridian-2016.1.5
    • Component/s: REST
    • Security Level: Default (Default Security Scheme)
    • Labels:
      None
    • Sprint:
      Horizon - March 15th, Horizon - March 29th

      Description

      In order to acknowledge, unacknowledge, clear or escalate alarms (and something similar for ack/unack notifications), the user requires appropriate permissions.

      In fact, the ReST end-points for alarms enforce this and return permission denied if the user cannot perform the action.

      Unfortunately, this is not the case when someone perform the same goal through /acks (instead of /alarms).

      Besides that, the user that appeared on the action is "admin", and not the actual user who requested the change.

        Attachments

          Activity

            People

            • Assignee:
              fooker Dustin Frisch
              Reporter:
              agalue Alejandro Galue
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: