
APIv2 doesn't respect service_display_command ACL

Open proxyconcept opened this issue 2 years ago • 0 comments

BUG REPORT INFORMATION

Prerequisites

Versions

RPM based systems

centreon-broker-22.04.0-13.el8.x86_64
centreon-broker-cbd-22.04.0-13.el8.x86_64
centreon-broker-cbmod-22.04.0-13.el8.x86_64
centreon-broker-core-22.04.0-13.el8.x86_64
centreon-broker-storage-22.04.0-13.el8.x86_64
centreon-central-22.04.0-2.el8.noarch
centreon-clib-22.04.0-13.el8.x86_64
centreon-common-22.04.0-2.el8.noarch
centreon-connector-22.04.0-13.el8.x86_64
centreon-connector-perl-22.04.0-13.el8.x86_64
centreon-connector-ssh-22.04.0-13.el8.x86_64
centreon-database-22.04.0-2.el8.noarch
centreon-engine-22.04.0-13.el8.x86_64
centreon-engine-daemon-22.04.0-13.el8.x86_64
centreon-engine-extcommands-22.04.0-13.el8.x86_64
centreon-gorgone-22.04.0-9.el8.noarch
centreon-gorgone-centreon-config-22.04.0-9.el8.noarch
centreon-perl-libs-22.04.0-2.el8.noarch
centreon-poller-22.04.0-2.el8.noarch
centreon-release-22.04-3.el8.noarch
centreon-trap-22.04.0-2.el8.noarch
centreon-web-22.04.0-2.el8.noarch

Operating System

Red Hat Enterprise Linux 8.6

Browser used

  • [ ] Google Chrome
  • [x] Firefox
  • [ ] Internet Explorer IE11
  • [ ] Safari

Version: 91.9.0esr (64 bits)

Description

The REST APIv2 method "Resource / Get information on service resource" doesn't care about the Action ACL "Display executed command by monitoring engine".

Steps to Reproduce

  1. Configure an ACL "Action Access" without the option "service_display_command"
  2. Log in with a simple user that is linked to this ACL
  3. Open the new service details panel (via Monitoring / Resources Status)

Describe the received result

The command line is displayed in the new service details tab. The JSON response from APIv2 contains all the service details. Note that it's okay with the old service details page (via Monitoring / Status Details / Services).

Describe the expected result

The service details tab should not have the command line block. The JSON response from APIv2 must be filtered according to the ACL for the "command_line" attribute.

proxyconcept, Jun 22 '22 12:06
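The server-side filtering this report expects, together with a regression check for it, as an added example (not Centreon's code and not part of the issue). Only the `service_display_command` action and the `command_line` attribute come from the report; the function names, the mapping structure and the sample payload are assumptions.

```python
# Assumption: a mapping from action-ACL name to the response attributes it gates.
# Only this one pair is taken from the issue; the structure is hypothetical.
GATED_ATTRIBUTES = {"service_display_command": {"command_line"}}


def denied_attributes(granted_actions):
    """Attributes the caller must not receive, given the action ACLs they hold."""
    return {attr
            for action, attrs in GATED_ATTRIBUTES.items()
            if action not in granted_actions
            for attr in attrs}


def filter_response(payload, granted_actions):
    """Return a copy of the payload with gated attributes removed at any depth."""
    denied = denied_attributes(granted_actions)

    def walk(node):
        if isinstance(node, dict):
            return {k: walk(v) for k, v in node.items() if k not in denied}
        if isinstance(node, list):
            return [walk(item) for item in node]
        return node

    return walk(payload)


def find_leaks(payload, granted_actions, path="$"):
    """List JSON paths where a gated attribute is still present (regression check)."""
    denied = denied_attributes(granted_actions)
    leaks = []
    if isinstance(payload, dict):
        for key, value in payload.items():
            child = f"{path}.{key}"
            if key in denied:
                leaks.append(child)
            leaks.extend(find_leaks(value, granted_actions, child))
    elif isinstance(payload, list):
        for i, item in enumerate(payload):
            leaks.extend(find_leaks(item, granted_actions, f"{path}[{i}]"))
    return leaks


# Constructed sample response; every field except command_line is made up.
SAMPLE = {
    "name": "Ping",
    "status": {"name": "OK"},
    "command_line": "/usr/lib/example/check_icmp -H 192.0.2.10",
    "parent": {"name": "srv-01"},
}
```

Running `find_leaks` against a response captured as a user without the action turns the reported behaviour into a repeatable test, independent of what the UI chooses to render.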