concord icon indicating copy to clipboard operation
concord copied to clipboard
verified publisher icon walmartlabs

Showing process ids otherwise inaccessible when filtering with org

Open pranavparikh opened this issue 5 years ago • 5 comments

When logged in with a non admin account , /api/v2/process?initiator=myusername&limit=50 doesn’t return the process id from the org where the user doesn't have access to. But we do see such process ids with this call /api/v2/process?orgName=notmyorgname&&initiator=nonadminuser&projectName=notmyproject&limit=50 . If the user doesn’t have access to the org and the project, should it still show the processes if filtered by the org and project name?

pranavparikh avatar Sep 01 '20 04:09 pranavparikh

It should behave like the v1 version and judging by the code it already does the filtering based on the current user's orgs and projects, e.g. https://github.com/walmartlabs/concord/blob/master/server/impl/src/main/java/com/walmartlabs/concord/server/process/ProcessResourceV2.java#L252

Can you make a test to illustrate the issue?

ibodrov avatar Sep 01 '20 14:09 ibodrov

Hey @pranavparikh! Any updates? Should we keep the issue open?

ibodrov avatar Nov 06 '20 18:11 ibodrov

@ibodrov , Let me try making a test

pranavparikh avatar Nov 09 '20 21:11 pranavparikh

@pranavparikh any progress or should we close this?

ibodrov avatar Feb 26 '21 23:02 ibodrov

@ibodrov , Can you check out this test ?

pranavparikh avatar Mar 02 '21 18:03 pranavparikh