| Summary: | [server] User should not be able to modify his own roles | | |
|---|---|---|---|
| Product: | [ECD] Orion | Reporter: | Szymon Brandys <Szymon.Brandys> |
| Component: | Client | Assignee: | Malgorzata Janczarska <malgorzata.tomczyk> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | | |
| Priority: | P3 | | |
| Version: | 0.2 | | |
| Target Milestone: | 0.2 | | |
| Hardware: | PC | | |
| OS: | Windows XP | | |
| Whiteboard: | | | |

Description
Szymon Brandys
I removed adding roles on PUT /users/[userId] and POST /users/[userId]. Now even if they are a part of post/put data they are not saved. I also changed the API, because with the previous API adding users "roles" would make some mess. Current API is:

//POST /users/ creates a new user
//GET /users/ gets list of users
//GET /users/[userId] gets user details
//GET /users/[usersId]/roles returns a list of roles for given user
//DELETE /users/[usersId] deletes a user
//DELETE /users/[usersId]/roles removes roles for a given user
//PUT /users/[userId] updates user details
//PUT /users/[usersId]/roles adds roles for given user

And only //GET /users/[usersId]/roles and //DELETE /users/[usersId]/roles can add and remove roles. User no longer gets rights to /users/[usersId]/*, only to /users/[usersId], because there are no other actions that fall into /users/[usersId]/* other than roles.
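
The access rule described in the comment above, as an added example that is not part of the original bug report or Orion's code: a user holds a right only to the exact path /users/[userId], the profile update ignores any "roles" field in the body, and the roles sub-resource needs a right that covers it. The function names, the editable field names and the admin right "/users/*" are assumptions made for illustration.

```javascript
// Added illustration; isAllowed, updateUser, putRoles and the rights arrays
// are hypothetical names, not taken from the Orion code base.

// A right is a URI pattern: an exact path, or a prefix ending in "/*".
function matches(pattern, path) {
  if (pattern.endsWith("/*")) {
    return path.startsWith(pattern.slice(0, -1)); // keeps the trailing "/"
  }
  return pattern === path;
}

function isAllowed(rights, path) {
  return rights.some((pattern) => matches(pattern, path));
}

// Rights granted to a regular user before and after the change.
function userRightsBefore(userId) {
  return ["/users/" + userId, "/users/" + userId + "/*"];
}
function userRightsAfter(userId) {
  return ["/users/" + userId];
}

// PUT /users/[userId]: copy only allow-listed fields, so "roles" in the
// request body is never persisted.
const EDITABLE_FIELDS = ["name", "email"]; // constructed field names
function updateUser(stored, body) {
  const updated = Object.assign({}, stored);
  for (const field of EDITABLE_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(body, field)) {
      updated[field] = body[field];
    }
  }
  return updated;
}

// PUT /users/[userId]/roles: reachable only with a right covering that path.
function putRoles(callerRights, stored, userId, roles) {
  if (!isAllowed(callerRights, "/users/" + userId + "/roles")) {
    return { status: 403, user: stored };
  }
  const user = Object.assign({}, stored, { roles: roles.slice() });
  return { status: 200, user: user };
}
```

With the old rights list the wildcard entry also covered /users/[userId]/roles, which is what let a user edit his own roles.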