[ https://issues.apache.org/jira/browse/CLOUDSTACK-10434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
lujie updated CLOUDSTACK-10434: ------------------------------- Description: I think some APIs in VolumeApiServiceImpl lack access check. I will list them in below table. Anyone chould change this table. If you think the APIs do not need access check, change its lable as "no". ||API||Lack?|| |VolumeApiServiceImpl # updateVolume|yes| |VolumeApiServiceImpl # detachVolumeViaDestroyVM|yes| |VolumeApiServiceImpl # takeSnapshot|yes| |VolumeApiServiceImpl # migrateVolume|yes| | AccountManagerImpl#createApiKeyAndSecretKey |yes| was: I think some APIs in VolumeApiServiceImpl lack access check. I will list them in below table. Anyone chould change this table. If you think the APIs do not need access check, change its lable as "no". ||API||Lack?|| |VolumeApiServiceImpl # updateVolume|yes| |VolumeApiServiceImpl # detachVolumeViaDestroyVM|yes| |VolumeApiServiceImpl # takeSnapshot|yes| |VolumeApiServiceImpl # migrateVolume|yes| | |yes| > some APIs need access check > --------------------------- > > Key: CLOUDSTACK-10434 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10434 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Reporter: lujie > Priority: Blocker > > I think some APIs in VolumeApiServiceImpl lack access check. I will list > them in below table. Anyone chould change this table. If you think the APIs > do not need access check, change its lable as "no". > ||API||Lack?|| > |VolumeApiServiceImpl # updateVolume|yes| > |VolumeApiServiceImpl # detachVolumeViaDestroyVM|yes| > |VolumeApiServiceImpl # takeSnapshot|yes| > |VolumeApiServiceImpl # migrateVolume|yes| > | AccountManagerImpl#createApiKeyAndSecretKey |yes| -- This message was sent by Atlassian Jira (v8.3.4#803005)