Add functional and entity checks for SLAs

Description

None

Environment

None

Activity

Greg Hart
May 24, 2017, 8:36 PM

These steps are able to bypass the check:
1. Log in as Admin
2. Create a new SLA
3. Copy the JSON rest model for the SLA
4. Log in as a user who doesn't have access to a feed used by the SLA
5. Call POST /v1/feedmgr/sla with the JSON rest model for the SLA

Expected result:
The call fails with access denied exception.

Actual result:
The call succeeds and the SLA is updated.
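
Added example (not part of the original comment and not the project's code): a minimal Python model of the save path for POST /v1/feedmgr/sla, showing the reported behaviour next to a version with a functional check and an entity check. The `User` class, the function names and the model shape (`id`, `name`, `feedIds`) are assumptions; the checked version goes one step beyond the report by also checking the feeds of the SLA already stored, since the submitted JSON is caller-controlled.

```python
from dataclasses import dataclass, field

class AccessDenied(Exception):
    """Caller lacks a required permission."""

@dataclass
class User:
    name: str
    can_edit_slas: bool = False                  # functional permission
    feed_ids: set = field(default_factory=set)   # entity permission: accessible feeds

def feeds_of(sla_model):
    # Assumed model shape: {"id": ..., "name": ..., "feedIds": [...]}
    return set(sla_model.get("feedIds") or [])

def save_sla_unchecked(store, user, sla_model):
    """Behaviour reported above: the model is saved with no feed access check."""
    store[sla_model["id"]] = dict(sla_model)
    return store[sla_model["id"]]

def save_sla_checked(store, user, sla_model):
    """Functional check, then entity checks on the submitted and the stored SLA."""
    if not user.can_edit_slas:
        raise AccessDenied(f"{user.name} may not edit SLAs")
    # The request body is caller-controlled, so also check the feeds of the SLA
    # already stored under this id; otherwise removing a feed id from the
    # submitted model would sidestep the check.
    existing = store.get(sla_model["id"], {})
    required = feeds_of(sla_model) | feeds_of(existing)
    denied = required - user.feed_ids
    if denied:
        raise AccessDenied(f"{user.name} has no access to feeds {sorted(denied)}")
    store[sla_model["id"]] = dict(sla_model)
    return store[sla_model["id"]]

def replay_as(user, save):
    """Constructed scenario: admin creates an SLA, then `user` re-posts the model."""
    admin = User("admin", True, {"feed-a", "feed-b"})
    store = {}
    model = {"id": "sla-1", "name": "orig", "feedIds": ["feed-a"]}
    save_sla_checked(store, admin, model)
    try:
        save(store, user, {**model, "name": "changed"})
    except AccessDenied:
        return "denied", store["sla-1"]["name"]
    return "saved", store["sla-1"]["name"]
```

`replay_as(User("limited", True, {"feed-b"}), save_sla_unchecked)` reproduces the actual result from the report, and the same call with `save_sla_checked` gives the expected one.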

Greg Hart
May 24, 2017, 8:42 PM

The check is also not done for:

Scott Reisdorf
May 24, 2017, 8:56 PM

Good catch. I will fix the first issue.
The Assessments is a known item. I don't have access checks around that yet.

Scott Reisdorf
May 25, 2017, 3:47 AM

created to track the 1 outstanding issue. Closing this jira

Done

Assignee

Scott Reisdorf

Reporter

Greg Hart

Labels

None

Reviewer

None

Story point estimate

None

Sprint

None

Fix versions

Priority

Medium