REST API: improve tenant scoping of autohold, authorizations

Improve whitelabeling support of the REST API.

* autohold-info now checks that the tenant in the REST query matches the
  tenant of the autohold request looked up by id. Return a 404 Not Found if the
  autohold request's tenant doesn't match the REST query's tenant.
* autohold-delete: DELETE /api/tenant/{tenant}/autohold/{id}
  returns a 403 Forbidden if the autohold id does not match the tenant.
* authorizations: /api/user/authorizations is deprecated in favor of
  the scoped endpoint: GET /api/tenant/{tenant}/authorizations which
  returns a list of authorized tenants scoped to {tenant}, i.e. either
  [tenant,] or [] depending on the user's authorizations.

Change-Id: Ibbe5e07a886d54ecd641bb64f02e28dbf8025659
11
releasenotes/notes/scoping_REST_API-866574c4d73c577a.yaml
Normal file
@@ -0,0 +1,11 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
REST API: authorizations: add a tenant-scoped endpoint at
|
||||
'/api/tenant/{tenant}/authorizations'. Calling the endpoint will return
|
||||
a list of admin tenants limited to the scoped tenant, if the user has admin
|
||||
privileges on it.
|
||||
deprecations:
|
||||
- |
|
||||
REST API: authorizations: the /api/user/authorizations endpoint is deprecated
|
||||
in favor of the tenant-scoped endpoint. It will be removed next release.
|
||||
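Review bot: The release note documents only the authorizations endpoint, so the two autohold behaviour changes listed in the commit message never reach operators: neither the `features:` nor the `deprecations:` entry mentions that autohold-info now returns 404 Not Found, or that DELETE /api/tenant/{tenant}/autohold/{id} now returns 403 Forbidden, when the request id belongs to another tenant. Clients that handle those status codes will see different responses after upgrading, so add an entry for them (an `upgrade:` or `security:` section would fit). While there, the note should say whether the 404 versus 403 difference between the two autohold calls is intentional, since a 403 on delete tells the caller that the id exists under a different tenant while the 404 on info does not. In the `deprecations:` entry, "It will be removed next release" is better stated with the version number so the note still reads correctly once later releases ship. The `features:` text also says "a list of admin tenants" where the commit message says "authorized tenants"; pick one term so readers do not assume two different result sets.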