9453701fb4
The API list methods were not handling unscoped tokens correctly. If the API is using the admin_or_owner-policy.yaml policy override file, and a user used an unscoped token, the API will list objects for all projects. This patch corrects that issue. If you are using the default policies, the API handles unscoped tokens correctly. Change-Id: I88e64fd5e8a4c709f735be85b85139dbb52e4acd
11 lines
347 B
YAML
11 lines
347 B
YAML
---
|
|
security:
|
|
- |
|
|
If you are using the admin_or_owner-policy.yaml policy override file
|
|
you should upgrade your API processes to include the unscoped token fix.
|
|
The default policies are not affected by this issue.
|
|
fixes:
|
|
- |
|
|
Fixes an issue when using the admin_or_owner-policy.yaml policy override
|
|
file and unscoped tokens.
|