Airavata / AIRAVATA-3298

Project methods are broken since they use the Project.owner instead of the authenticating user

      Description

      The following API server project methods are not correctly using the username in the AuthzToken:

      • createProject - this creates the project as an entity owned by the project.owner without first checking that the project.owner is the authenticating user. This allows a user to create a project belonging to another user.
      • getUserProjects - this allows retrieval of projects belonging to the passed-in userName parameter. The userName parameter should be deprecated and no longer used, and the authenticating user from the AuthzToken should be used instead.
      • searchProjects - same issue as with getUserProjects.
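
The difference between the reported behaviour and the requested one, as an added Python sketch (not Airavata's own code): `LegacyProjectService` trusts request fields for identity, `ProjectService` takes it only from the token. All class and method names here are hypothetical stand-ins, the token's username is assumed to have been verified by the server already, and the users are constructed.

```python
from dataclasses import dataclass

class AuthorizationError(Exception):
    """The request names a user other than the authenticated one."""

@dataclass(frozen=True)
class AuthzToken:
    username: str  # assumption: already verified server-side (hypothetical stand-in)

@dataclass
class Project:
    name: str
    owner: str

class LegacyProjectService:
    """Behaviour described in the issue: identity comes from request fields."""
    def __init__(self):
        self.projects = []

    def create_project(self, token, project):
        self.projects.append(project)  # project.owner is never compared to the token
        return project

    def get_user_projects(self, token, user_name):
        return [p for p in self.projects if p.owner == user_name]

    def search_projects(self, token, user_name, text):
        return [p for p in self.get_user_projects(token, user_name) if text in p.name]

class ProjectService(LegacyProjectService):
    """Requested behaviour: identity comes only from the AuthzToken."""
    def create_project(self, token, project):
        if project.owner != token.username:
            raise AuthorizationError(
                f"{token.username!r} cannot create a project owned by {project.owner!r}")
        return super().create_project(token, project)

    def get_user_projects(self, token, user_name=None):
        # user_name is deprecated: accepted for compatibility, never consulted.
        return [p for p in self.projects if p.owner == token.username]

if __name__ == "__main__":
    alice, bob = AuthzToken("alice"), AuthzToken("bob")  # constructed users
    svc = ProjectService()
    svc.create_project(alice, Project("genomics", "alice"))
    print(svc.get_user_projects(bob, user_name="alice"))  # bob sees none of alice's
    try:
        svc.create_project(bob, Project("planted", "alice"))
    except AuthorizationError as exc:
        print("rejected:", exc)
```

Because `search_projects` is built on `get_user_projects`, overriding the latter fixes both lookups in one place.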

      People

      • Assignee: Unassigned
      • Reporter: Marcus Christie (marcuschristie)