Add functional and entity checks for SLAs

Description

None

Environment

None

Activity

Show:

Greg Hart

May 24, 2017, 8:36 PM

Copy link to comment

These steps are able to bypass the check:
1. Login as Admin
2. Create a new SLA
3. Copy the JSON rest model for the SLA
4. Login as a user who doesn't have access to a feed used by the SLA
5. Call POST /v1/feedmgr/sla with the JSON rest model for the SLA

Expected result:
The call fails with access denied exception.

Actual result:
The call succeeds and the SLA is updated.

Greg Hart

May 24, 2017, 8:42 PM

Copy link to comment

The check is also not done for:

Scott Reisdorf

May 24, 2017, 8:56 PM

Copy link to comment

good catch.. i will fix the first issue.
The Assessments is a known item. I dont have access checks around that yet

Scott Reisdorf

May 25, 2017, 3:47 AM

Copy link to comment

created to track the 1 outstanding issue. Closing this jira

Done

Assignee

Scott Reisdorf

Reporter

Greg Hart

Labels

None

Reviewer

None

Story point estimate

None

Sprint

None

Fix versions

0.8.1

Priority

Medium

Configure

INSTALACION DE KYLO

Add functional and entity checks for SLAs

Description

Environment

Activity

Assignee

Reporter

Labels

Reviewer

Story point estimate

Sprint

Fix versions

Priority