Michael Pasternak has posted comments on this change. Change subject: restapi: if filter: header is set, use query instead of search (#882946) ......................................................................
Patch Set 3: I would prefer that you didn't submit this (1 inline comment) .................................................... File backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java Line 91: Line 92: // Users queries Line 93: GetUserVmsByUserIdAndGroups(VdcQueryAuthType.User), Line 94: GetTimeLeasedUsersByVmPoolId, Line 95: GetAllDbUsers(VdcQueryAuthType.User), this should not be visible to user by default, same problem exist in upstream, user should be able to see it only if it has MANIPULATE_USERS/MANIPULATE_ROLES/MANIPULATE_PERMISSIONS permission/s, i suggest to revert this in 3.1.z and implement properly in upstream Line 96: GetDbUserByUserId(VdcQueryAuthType.User), Line 97: GetUsersByVmid, Line 98: GetVmsByUserid, Line 99: GetUserMessage, -- To view, visit http://gerrit.ovirt.org/14257 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I54b79dc86e4f6d6b28c5e720200b093d246f0806 Gerrit-PatchSet: 3 Gerrit-Project: ovirt-engine Gerrit-Branch: engine_3.1 Gerrit-Owner: Ravi Nori <rn...@redhat.com> Gerrit-Reviewer: Michael Pasternak <mpast...@redhat.com> Gerrit-Reviewer: Ravi Nori <rn...@redhat.com> Gerrit-Reviewer: Yair Zaslavsky <yzasl...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
