You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficcontrol.apache.org by "Jeremy Mitchell (JIRA)" <ji...@apache.org> on 2017/08/16 18:58:00 UTC

[jira] [Created] (TC-535) DS URL sig key apis needs to have tenancy check in place

Jeremy Mitchell created TC-535:
----------------------------------

             Summary: DS URL sig key apis needs to have tenancy check in place
                 Key: TC-535
                 URL: https://issues.apache.org/jira/browse/TC-535
             Project: Traffic Control
          Issue Type: Bug
          Components: Traffic Ops API
    Affects Versions: 2.1.0
            Reporter: Jeremy Mitchell
            Assignee: Nir Sopher


Tenancy was introduced in 2.1, however, by default it is turned off via the use_tenancy parameter but when activated it is used to limit the scope of delivery services that a user can act on.

The following APIs needs to check tenancy to ensure users cannot act on ds's that they don't have access to.

post("/api/$version/deliveryservices/xmlId/:xmlId/urlkeys/generate
post("/api/$version/deliveryservices/xmlId/:xmlId/urlkeys/copyFromXmlId/:copyFromXmlId
get("/api/$version/deliveryservices/xmlId/:xmlId/urlkeys



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)