Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-9140

It is possible to perform alarms/notifications actions through the Acks ReST end point without permissions

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved (View Workflow)
    • Blocker
    • Resolution: Fixed
    • 19.0.1
    • 19.1.0, 20.0.0, Meridian-2016.1.5
    • REST
    • Security Level: Default (Default Security Scheme)
    • None
    • Horizon - March 15th, Horizon - March 29th

    Description

      In order to acknowledge, unacknowledge, clear or escalate alarms (and something similar for ack/unack notifications), the user requires appropriate permissions.

      In fact, the ReST end-points for alarms enforce this and return permission denied if the user cannot perform the action.

      Unfortunately, this is not the case when someone perform the same goal through /acks (instead of /alarms).

      Besides that, the user that appeared on the action is "admin", and not the actual user who requested the change.

      Attachments

        Activity

          People

            fooker Dustin Frisch
            agalue Alejandro Galue
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: