Horreum
Schema list returns count of all schemas, regardless of visibility
GET calls to `/api/schema` return a count of the number of Schemas for pagination, but do not apply visibility of schemas for the current user. This provides an incorrect total number of schemas available for the current user, as they do not have access to all schemas in the system.
Hm, so it doesn't look like we do any role checking on the query: https://github.com/Hyperfoil/Horreum/blob/master/horreum-backend/src/main/java/io/hyperfoil/tools/horreum/svc/SchemaServiceImpl.java#L193

Here is what we do for tests: https://github.com/Hyperfoil/Horreum/blob/master/horreum-backend/src/main/java/io/hyperfoil/tools/horreum/svc/TestServiceImpl.java#L238

In TestServiceImpl we explicitly check for roles, should we do similar for Schema?
Also, it looks like Tests also returns the total amount of tests by using `TestDAO.count()` instead of using the size returned by the query that checks for roles.
@johnaohara ?
On Hold due to https://github.com/Hyperfoil/Horreum/discussions/1603
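
The count mismatch reported in this issue, shown as an added example that is not Horreum code and not part of the thread. `Schema`, `Access`, `Page`, the team names and the sample data are hypothetical, and the sketch assumes the row listing itself is visibility-filtered while the pagination total is not.

```java
import java.util.List;
import java.util.Set;
import java.util.function.Predicate;

// Added illustration; Schema, Access and Page are hypothetical names.
public class SchemaListDemo {
    enum Access { PUBLIC, PRIVATE }
    record Schema(int id, String owner, Access access) {}
    record Page(List<Schema> schemas, long count) {}

    // Constructed sample data: five schemas owned by two teams.
    static final List<Schema> ALL = List.of(
        new Schema(1, "team-a", Access.PUBLIC),
        new Schema(2, "team-a", Access.PRIVATE),
        new Schema(3, "team-b", Access.PRIVATE),
        new Schema(4, "team-b", Access.PRIVATE),
        new Schema(5, "team-b", Access.PUBLIC));

    // A schema is visible if it is public or owned by one of the caller's roles.
    static Predicate<Schema> visibleTo(Set<String> roles) {
        return s -> s.access() == Access.PUBLIC || roles.contains(s.owner());
    }

    // Reported behaviour: the total ignores the caller's visibility.
    static Page listUnfilteredCount(Set<String> roles, int page, int limit) {
        List<Schema> rows = ALL.stream().filter(visibleTo(roles))
            .skip((long) page * limit).limit(limit).toList();
        return new Page(rows, ALL.size());
    }

    // Total computed with the same predicate that selects the rows.
    static Page listFilteredCount(Set<String> roles, int page, int limit) {
        Predicate<Schema> visible = visibleTo(roles);
        List<Schema> rows = ALL.stream().filter(visible)
            .skip((long) page * limit).limit(limit).toList();
        return new Page(rows, ALL.stream().filter(visible).count());
    }

    public static void main(String[] args) {
        Set<String> roles = Set.of("team-a");
        // The unfiltered total tells the caller how many schemas exist outside their view.
        Page before = listUnfilteredCount(roles, 0, 2);
        Page after = listFilteredCount(roles, 0, 2);
        System.out.println("unfiltered count=" + before.count() + " rows=" + before.schemas().size());
        System.out.println("filtered count=" + after.count() + " rows=" + after.schemas().size());
    }
}
```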