falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Balu Vellanki (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FALCON-466) REST APIs must add the entity owner as an implicit filter
Date Wed, 30 Jul 2014 20:42:39 GMT

    [ https://issues.apache.org/jira/browse/FALCON-466?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14079938#comment-14079938

Balu Vellanki commented on FALCON-466:

Thank you Venkatesh, I incorporated the suggestions made by you. I deleted the old patch and
updated a new one name Falcon-Jira-466.v2.patch.

This patch should be applied in sequence, after patches provided under Falcon JIRA-470 named
falcon-470-471-472-473.patch and Falcon JIRA-504 named Falcon-Jira-504.patch

> REST APIs must add the entity owner as an implicit filter
> ---------------------------------------------------------
>                 Key: FALCON-466
>                 URL: https://issues.apache.org/jira/browse/FALCON-466
>             Project: Falcon
>          Issue Type: Sub-task
>          Components: webapp
>    Affects Versions: 0.6
>            Reporter: Venkatesh Seetharam
>            Assignee: Balu Vellanki
>              Labels: authorization, security
>             Fix For: 0.6
>         Attachments: FALCON-466.patch
> Implement authorization for entity actions. Entity created by one user should not be
updated/deleted by another user. Entity operations will only apply for the entities owned
by that user.
> Entity and instance operations must add the authenticated user/owner as an implicit filter
so the user operates on only his entities. For example: List will return entities belonging
to the authenticated user, lifecycle operations such as delete/kill/suspend/resume/etc. are
only applicable to the owner of the entity. 

This message was sent by Atlassian JIRA

View raw message