[
https://issues.apache.org/jira/browse/USERGRID-1266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15196046#comment-15196046
]
ASF GitHub Bot commented on USERGRID-1266:
------------------------------------------
GitHub user mdunker opened a pull request:
https://github.com/apache/usergrid/pull/492
USERGRID-1266: check permissions at REST layer to avoid incorrect res…
…ponse codes
also block user token exchange via GET
/org/app/users/{user}/token?access_token={usertoken}
and log guest user into app when no token sent in for
@CheckPermissionsForPath
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/mdunker/usergrid USERGRID-1266
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/usergrid/pull/492.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #492
----
commit 10e2be7b405e1031abf74082efa8dce2ca9cb1fc
Author: Mike Dunker <[email protected]>
Date: 2016-03-15T19:30:25Z
USERGRID-1266: check permissions at REST layer to avoid incorrect response
codes
also block user token exchange via GET
/org/app/users/{user}/token?access_token={usertoken}
----
> 401 when 404 is expected on missing entity
> ------------------------------------------
>
> Key: USERGRID-1266
> URL: https://issues.apache.org/jira/browse/USERGRID-1266
> Project: Usergrid
> Issue Type: Story
> Components: Stack
> Affects Versions: 2.1.0
> Reporter: Jeffrey
> Assignee: Mike Dunker
> Fix For: 2.1.1
>
>
> This missing entity should return a 404:
> https://api-connectors-prod.apigee.net/appservices/api-connectors/sdksandbox/nodejs/2f2ec3d7-d40f-11e5-860f-0a65ea91a1eb
>
> {"error":"service_resource_not_found","timestamp":1455559868909,"duration":0,"error_description":"Service
> resource not
> found","exception":"org.apache.usergrid.services.exceptions.ServiceResourceNotFoundException"}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
