[jira] [Created] (CLOUDSTACK-1688) AWS Regions - Domain admin user is not able to use getUser() command to fetch user details.

Thu, 14 Mar 2013 17:30:13 -0700 

Sangeetha Hariharan created CLOUDSTACK-1688:
-----------------------------------------------

             Summary: AWS Regions - Domain admin user is not able to use 
getUser() command to fetch user details.
                 Key: CLOUDSTACK-1688
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1688
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Management Server
    Affects Versions: 4.1.0
         Environment: Build from 4.1
            Reporter: Sangeetha Hariharan
             Fix For: 4.1.0


AWS Regions - Domain admin user is not able to use getUser() command to fetch 
user details.

As domain admin user , try to execute getUser() API call for a regular user who 
belongs to this domain. 

Api returnd error:

http://10.223.131.202:8080/client/api?command=getUser&response=json&sessionkey=Y3XVal5FZOFZobsJggzkMet5rT0%3D&userapikey=2Ffgfp460CozE0yojXXQd3gbLozpWqjz9C_Kr3A-Vnu5bZaeUUGGLOp7tL9rsBIA6NLNaKSp63zvl31e7Q_aQ

{ "errorresponse" : {"errorcode":432,"cserrorcode":9999,"errortext":"The given 
command does not exist or it is not available for user"} }


management-server.logs

2013-03-14 17:16:56,812 DEBUG [cloud.api.ApiServlet] (catalina-exec-24:null) 
===START===  10.217.252.128 -- GET  
command=getUser&response=json&sessionkey=Y3XVal5FZOFZobsJggz
kMet5rT0%3D&userapikey=2Ffgfp460CozE0yojXXQd3gbLozpWqjz9C_Kr3A-Vnu5bZaeUUGGLOp7tL9rsBIA6NLNaKSp63zvl31e7Q_aQ
2013-03-14 17:16:56,815 DEBUG [cloud.api.ApiServer] (catalina-exec-24:null) The 
given command:getUser does not exist or it is not available for user with id:22
2013-03-14 17:16:56,815 DEBUG [cloud.api.ApiServlet] (catalina-exec-24:null) 
===END===  10.217.252.128 -- GET  
command=getUser&response=json&sessionkey=Y3XVal5FZOFZobsJggzkM
et5rT0%3D&userapikey=2Ffgfp460CozE0yojXXQd3gbLozpWqjz9C_Kr3A-Vnu5bZaeUUGGLOp7tL9rsBIA6NLNaKSp63zvl31e7Q_aQ


mysql> select * from user where id=22;
+----+--------------------------------------+------------+----------------------------------+------------+------------+------------+--------------------+---------+---------+------------+---------------------+---------+---------------------+--------------------+---------------+--------------------------+-----------+
| id | uuid                                 | username   | password             
            | account_id | firstname  | lastname   | email              | state 
  | api_key | secret_key | created             | removed | timezone            
| registration_token | is_registered | incorrect_login_attempts | region_id |
+----+--------------------------------------+------------+----------------------------------+------------+------------+------------+--------------------+---------+---------+------------+---------------------+---------+---------------------+--------------------+---------------+--------------------------+-----------+
| 22 | 73ea9221-6d3a-4fca-af57-9030c2f99865 | dom-admin1 | 
9cab41a7d2013e5b00c774de073fbe13 |         13 | dom-admin1 | dom-admin1 | 
[email protected] | enabled | NULL    | NULL       | 2013-03-15 00:05:00 | 
NULL    | America/Los_Angeles | NULL               |             0 |            
            0 |         1 |
+----+--------------------------------------+------------+----------------------------------+------------+------------+------------+--------------------+---------+---------+------------+---------------------+---------+---------------------+--------------------+---------------+--------------------------+-----------+
1 row in set (0.00 sec)


mysql> select * from account where id=13;
+----+--------------+--------------------------------------+------+-----------+---------+---------+----------------+----------------+-----------------+-----------+
| id | account_name | uuid                                 | type | domain_id | 
state   | removed | cleanup_needed | network_domain | default_zone_id | 
region_id |
+----+--------------+--------------------------------------+------+-----------+---------+---------+----------------+----------------+-----------------+-----------+
| 13 | dom-admin1   | ea65cc60-fc1a-4873-a379-1946ea31b4b9 |    2 |         2 | 
enabled | NULL    |              0 | NULL           |            NULL |         
1 |
+----+--------------+--------------------------------------+------+-----------+---------+---------+----------------+----------------+-----------------+-----------+
1 row in set (0.00 sec)


Expected Behavior:

As domain user , i am allowed to view all the user details of regular users 
under this doamin. This would mean I should be able to use getUser() command to 
fetch user details as well.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to