Laszlo Hornyak has posted comments on this change.
Change subject: engine: replace some parameter classes with IdQueryParameters
......................................................................
Patch Set 1: (1 inline comment)
Hi Allon,
Thistime I only had time enough for this. That's why the commit comment is
'some parameter classes' not 'all parameter classes', but I will return to the
classes you mentioned when I have some time for them.
....................................................
File
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetDbUserByUserIdQuery.java
Line 12: @Override
Line 13: protected void executeQueryCommand() {
Line 14: getQueryReturnValue().setReturnValue(
Line 15: DbFacade.getInstance().getDbUserDao()
Line 16: .get((getParameters()).getId()));
Apparently this query is only used by restapi at the moment, but really does
access other users than the authenticated. E.g. permissions.
Line 17: }
--
To view, visit http://gerrit.ovirt.org/14260
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: I057ce109ecde4d86312bd4e96803bf62229e1741
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Laszlo Hornyak <lhorn...@redhat.com>
Gerrit-Reviewer: Allon Mureinik <amure...@redhat.com>
Gerrit-Reviewer: Doron Fediuck <dfedi...@redhat.com>
Gerrit-Reviewer: Gilad Chaplik <gchap...@redhat.com>
Gerrit-Reviewer: Laszlo Hornyak <lhorn...@redhat.com>
Gerrit-Reviewer: Michael Pasternak <mpast...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
