[jira] [Updated] (CLOUDSTACK-10434) some APIs need access check

Mon, 22 Mar 2021 22:10:07 -0700 


     [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated CLOUDSTACK-10434:
-------------------------------
    Description: 
I think some APIs in  VolumeApiServiceImpl  lack access check. I will list them 
in below table. Anyone chould change this table. If you think the APIs do not 
need access check, change its lable as  "no".
||API||Lack?||
|VolumeApiServiceImpl # updateVolume|yes|
|VolumeApiServiceImpl # detachVolumeViaDestroyVM|yes|
|VolumeApiServiceImpl # takeSnapshot|yes|
|VolumeApiServiceImpl # migrateVolume|yes|
|UserVmManagerImpl # updateVirtualMachine|yes|

  was:
I think some APIs in  VolumeApiServiceImpl  lack access check. I will list them 
in below table. Anyone chould change this table. If you think the APIs do not 
need access check, change its lable as  "no".
||API||Lack?||
|updateVolume|yes|
|detachVolumeViaDestroyVM|yes|
|takeSnapshot|yes|
|migrateVolume|yes|


> some APIs need access check
> ---------------------------
>
>                 Key: CLOUDSTACK-10434
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10434
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>            Reporter: lujie
>            Priority: Blocker
>
> I think some APIs in  VolumeApiServiceImpl  lack access check. I will list 
> them in below table. Anyone chould change this table. If you think the APIs 
> do not need access check, change its lable as  "no".
> ||API||Lack?||
> |VolumeApiServiceImpl # updateVolume|yes|
> |VolumeApiServiceImpl # detachVolumeViaDestroyVM|yes|
> |VolumeApiServiceImpl # takeSnapshot|yes|
> |VolumeApiServiceImpl # migrateVolume|yes|
> |UserVmManagerImpl # updateVirtualMachine|yes|



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to