Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
2.1.0
-
None
Description
Tenancy was introduced in 2.1, however, by default it is turned off via the use_tenancy parameter but when activated it is used to limit the scope of delivery services that a user can act on.
The following APIs needs to check tenancy to ensure users cannot act on ds's that they don't have access to.
post("/api/$version/deliveryservices/xmlId/:xmlId/urlkeys/generate
post("/api/$version/deliveryservices/xmlId/:xmlId/urlkeys/copyFromXmlId/:copyFromXmlId
get("/api/$version/deliveryservices/xmlId/:xmlId/urlkeys