You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ignite.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/09/05 10:34:00 UTC
[jira] [Commented] (IGNITE-9472) REST API has no permission checks
for cluster activation/deactivation
[ https://issues.apache.org/jira/browse/IGNITE-9472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16604252#comment-16604252 ]
ASF GitHub Bot commented on IGNITE-9472:
----------------------------------------
GitHub user ibessonov opened a pull request:
https://github.com/apache/ignite/pull/4686
IGNITE-9472 Added permissions check on cluster activation
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/gridgain/apache-ignite ignite-9472
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/ignite/pull/4686.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #4686
----
commit 7e1adaafb807dfc4fe5b747e484bab88c4d93bfd
Author: ibessonov <be...@...>
Date: 2018-09-05T09:08:43Z
IGNITE-9472 Added permissions check on cluster activation
----
> REST API has no permission checks for cluster activation/deactivation
> ---------------------------------------------------------------------
>
> Key: IGNITE-9472
> URL: https://issues.apache.org/jira/browse/IGNITE-9472
> Project: Ignite
> Issue Type: Bug
> Reporter: Ivan Bessonov
> Assignee: Ivan Bessonov
> Priority: Major
>
> ADMIN_OPS permission should be required for CLUSTER_ACTIVE / CLUSTER_INACTIVE commands. This has to be done in GridRestProcessor.authorize method.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)