Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects versions: None
    • Fix versions: 1.6.0
    • Components: Core
    • Labels:
      None
    • Sprint:

      Description

      The tenant REST APIs are only using coarse-grained permissions to control access. Currently, this means that only tenant administrators can access many of the REST services even when users are marked with self-editing permissions. Also, tenant REST APIs should verify that the authenticated user is in the list of allowed users for a tenant before giving access to its data.

        Attachments

          Activity

            People

            • Assignee:
              dadams DerekA
              Reporter:
              dadams DerekA
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: