[ https://issues.apache.org/jira/browse/CLOUDSTACK-6508?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14070561#comment-14070561 ]
ASF subversion and git services commented on CLOUDSTACK-6508: ------------------------------------------------------------- Commit 19b72d6cf57665fc3935fdd7f7e9dad9117f0616 in cloudstack's branch refs/heads/4.3 from [~saksham] [ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=19b72d6 ] CLOUDSTACK-6508: impossible to list projects from API with domainid set > impossible to list projects from API with domainid set > ------------------------------------------------------ > > Key: CLOUDSTACK-6508 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6508 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: API > Affects Versions: 4.2.1, 4.3.0 > Reporter: ivan derbenev > Assignee: Saksham Srivastava > Labels: S1 > > Hello, it's my first issue ever, so sorry if i made smth wrong. > Today we was trying to setup jCloud module for jenkins, and stuck with error. > it throws GET request: > /client/api/?response=json&command=listProjects&listAll=true&account=jenkins&domainid=%domainid%&apiKey=%apikey%&signature=%sig% > and returns error: > Can't list domain id= 1 projects; unauthorized > i have only one ROOT domain, and this user belongs to this domain > if i go into cloudmonkey and call: > list projects listall=true account=jenkins domainid=%domainid% > it throws error too. If i don't use "domainid" attribute, query works properly > if i call any other api function with "domainid" attribute, query works > properly > i looked into cloudstack sources and found this function: > https://github.com/apache/cloudstack/blob/master/server/src/com/cloud/api/query/QueryManagerImpl.java > listProjectsInternal function > line 1309 > if (domainId != null && domainId.equals(caller.getDomainId())) { > throw new PermissionDeniedException("Can't list domain id= " > + domainId + " projects; unauthorized"); > } > so if i understand it well it check whether i provide a domainid and if user > belongs to domain with this domainid it throws exception > I don't think this is how this API function should work. > Am i mistaken anywhere or this is really a bug? -- This message was sent by Atlassian JIRA (v6.2#6252)