Return-Path: X-Original-To: apmail-falcon-dev-archive@minotaur.apache.org Delivered-To: apmail-falcon-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1C6EA11B75 for ; Tue, 17 Jun 2014 08:13:23 +0000 (UTC) Received: (qmail 85332 invoked by uid 500); 17 Jun 2014 08:13:23 -0000 Delivered-To: apmail-falcon-dev-archive@falcon.apache.org Received: (qmail 85285 invoked by uid 500); 17 Jun 2014 08:13:23 -0000 Mailing-List: contact dev-help@falcon.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@falcon.incubator.apache.org Delivered-To: mailing list dev@falcon.incubator.apache.org Received: (qmail 85274 invoked by uid 99); 17 Jun 2014 08:13:22 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 17 Jun 2014 08:13:22 +0000 X-ASF-Spam-Status: No, hits=-2000.7 required=5.0 tests=ALL_TRUSTED,RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO mail.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with SMTP; Tue, 17 Jun 2014 08:13:21 +0000 Received: (qmail 85168 invoked by uid 99); 17 Jun 2014 08:13:01 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 17 Jun 2014 08:13:01 +0000 Date: Tue, 17 Jun 2014 08:13:01 +0000 (UTC) From: "Venkatesh Seetharam (JIRA)" To: dev@falcon.incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (FALCON-466) REST APIs must add the entity owner as an implicit filter MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/FALCON-466?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Venkatesh Seetharam updated FALCON-466: --------------------------------------- Description: Entity and instance operations must add the authenticated user/owner as an implicit filter so the user operates on only his entities. For example: List will return entities belonging to the authenticated user, lifecycle operations such as delete/kill/suspend/resume/etc. are only applicable to the owner of the entity. (was: Entity and instance operations must add the authenticated user/owner as an implicit filter so the user sees only his entities.) > REST APIs must add the entity owner as an implicit filter > --------------------------------------------------------- > > Key: FALCON-466 > URL: https://issues.apache.org/jira/browse/FALCON-466 > Project: Falcon > Issue Type: Sub-task > Components: webapp > Affects Versions: 0.6 > Reporter: Venkatesh Seetharam > Labels: authorization, security > > Entity and instance operations must add the authenticated user/owner as an implicit filter so the user operates on only his entities. For example: List will return entities belonging to the authenticated user, lifecycle operations such as delete/kill/suspend/resume/etc. are only applicable to the owner of the entity. -- This message was sent by Atlassian JIRA (v6.2#6252)