Return-Path: X-Original-To: apmail-cloudstack-issues-archive@www.apache.org Delivered-To: apmail-cloudstack-issues-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id EE1D210129 for ; Fri, 27 Dec 2013 11:18:34 +0000 (UTC) Received: (qmail 80446 invoked by uid 500); 27 Dec 2013 11:18:13 -0000 Delivered-To: apmail-cloudstack-issues-archive@cloudstack.apache.org Received: (qmail 80304 invoked by uid 500); 27 Dec 2013 11:18:05 -0000 Mailing-List: contact issues-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list issues@cloudstack.apache.org Received: (qmail 80225 invoked by uid 500); 27 Dec 2013 11:17:59 -0000 Delivered-To: apmail-incubator-cloudstack-issues@incubator.apache.org Received: (qmail 80115 invoked by uid 99); 27 Dec 2013 11:17:51 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 27 Dec 2013 11:17:51 +0000 Date: Fri, 27 Dec 2013 11:17:51 +0000 (UTC) From: "manasaveloori (JIRA)" To: cloudstack-issues@incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Closed] (CLOUDSTACK-3364) normal users are not allowed to edit their own iso MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CLOUDSTACK-3364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] manasaveloori closed CLOUDSTACK-3364. ------------------------------------- Verified that isExtratable and isFeatured fields are not editable and not passed for updateIsoPermission API.So account use is able to edit his own ISO. Hence closing it. > normal users are not allowed to edit their own iso > -------------------------------------------------- > > Key: CLOUDSTACK-3364 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3364 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the default.) > Components: API > Affects Versions: 4.2.0 > Reporter: shweta agarwal > Assignee: Nitin Mehta > Priority: Critical > Fix For: 4.3.0 > > > Repro steps: > 1.Create a domain > 2.create a account under that domain > 3.create a ISO as a account under the non root domain > 4.Edit the ISO > BUg : > gets message: > Only ROOT admins are allowed to modify this attribute. > API: > http://10.147.38.141:8080/client/api?command=updateIsoPermissions&response=json&sessionkey=8rczMjm4sfljFOEi6dL2xT631sc%3D&id=2b8c87a0-4325-418d-80af-ce6f691edcd7&zoneid=bfdf7ac5-16c3-491e-aabd-f7ad696612b8&ispublic=false&isfeatured=false&isextractable=false&_=1372941865923 > response: > { "updateisopermissionsresponse" : {"uuidList":[],"errorcode":431,"cserrorcode":4350,"errortext":"Only ROOT admins are allowed to modify this attribute."} } > This may be because in case of edit ISO we show extractable and featured field as editable to normal user , which normal user is not allowed to do and api passes these as parameters > In case of template these fields are shown as non editable hence API passed does not contain isfeatured and isextractable fields -- This message was sent by Atlassian JIRA (v6.1.5#6160)