fc0f669dec
Non privileged users of unrelated projects must not be able to retrieve details of an access rule. We can add a further check to /share-access-rules APIs to validate that the caller has access to the share that these rules pertain to. Change-Id: I0009a3d682ee5d9a946821c3f82dfd90faa886aa Closes-Bug: #1917417 Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
8 lines
277 B
YAML
8 lines
277 B
YAML
---
|
|
security:
|
|
- |
|
|
An RBAC policy check has been enforced against the GET /share-access-rules
|
|
API to ensure that users are permitted to access the share that the
|
|
access rule belongs to. See `bug 1917417
|
|
<https://launchpad.net/bugs/1917417>`_ for more details.
|