backport: Search correctly entities with user role (#766) #768
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When a user is asking for data via the API with some filter (name of the required entity for example), we should call implicitly the search engine from one hand to implement the filter and from the other hand we are getting all the entities that the user can access according to the permissions via a pre-defined query. Given the search and the query results, both are intersected to given a result that matches the given filter with the user authorization. In AbstractBackendCollectionResource we have two signatures for getBackendCollection method: protected List<Q> getBackendCollection(QueryType query, QueryParametersBase queryParams) protected List<Q> getBackendCollection(QueryType query, QueryParametersBase queryParams, SearchType searchType) The 1st just brings the query results, teh 2nd brings query and search results and intersect them. When a user tries to search for a specific entity and the 1st signature is used instead of the 2nd, the result is that the first item is picked from the resulted collection and mismatch the requested entity, this may cause an error where an operation is attempted to be excuted with the wrong information (for example, creating a template and giving the wrong template cluster) This patch fixes a wrong call to the 1st signature when the 2nd signature should be used in the following entities: Data Centers Clusters VNIC Profiles Signed-Off-By: Eli Mesika <emesika@redhat.com> Bug-Url: https://bugzilla.redhat.com/2144346 Signed-off-by: Eli Mesika <emesika@redhat.com>
mwperina
changed the title
mwperina
requested review from
ahadas,
michalskrivanek and
sandrobonazzola
and removed request for
oliel
sandrobonazzola
approved these changes
Dec 5, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When a user is asking for data via the API with some filter (name of the
required entity for example), we should call implicitly the search
engine from one hand to implement the filter and from the other hand we
are getting all the entities that the user can access according to the
permissions via a pre-defined query.
Given the search and the query results, both are intersected to given a
result that matches the given filter with the user authorization.
In AbstractBackendCollectionResource we have two signatures for getBackendCollection method:
protected List
The 1st just brings the query results, teh 2nd brings query and search
results and intersect them.
When a user tries to search for a specific entity and the 1st signature
is used instead of the 2nd, the result is that the first item is picked
from the resulted collection and mismatch the requested entity, this may
cause an error where an operation is attempted to be excuted with the
wrong information (for example, creating a template and giving the wrong
template cluster)
This patch fixes a wrong call to the 1st signature when the 2nd
signature should be used in the following entities:
Data Centers
Clusters
VNIC Profiles
Signed-Off-By: Eli Mesika emesika@redhat.com
Bug-Url: https://bugzilla.redhat.com/2144346
Signed-off-by: Eli Mesika emesika@redhat.com