  1. Kuali Rice Development
  2. KULRICE-14220

Implement authorization checks on api endpoints for groups, action list, and document search

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: rest-1.0
    • Component/s: Development
    • Security Level: Public (Public: Anyone can view)
    • Labels:
      None
    • Sprint:
      Rice Sprint 2015-04-01, Rice Sprint 2015-04-1
    • KAI Review Status:
      Not Required
    • KTI Review Status:
      Not Required
    • Code Review Status:
      Not Required
    • Include in Release Notes?:
      Yes
    • Story Points:
      13

      Description

      Given the principal name of the current authenticated principal to the API, these should leverage the PermissionService.isAuthorizedByTemplate method to use the same permissions that are used today by the equivalent functions within the UI.

      So for example, in order to execute a document search, you would check whatever permission is checked today to grant access to the document search UI screen. For example, to grant permission to create or update groups, check the same permission that is used today to grant access to this capability within the user interface.

      For document search, the version of the API that passes the principal name and checks for security should be used.

      For action list, users should be able to only see their own action list.
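
      A sketch of the two checks the description asks for, added here as an example and not taken from the issue or from Kuali Rice: a permission-by-template check before a group update, and an ownership check on the action list. The `PermissionCheck` interface, `ForbiddenException`, the namespace and template constants, and the `groupId` qualifier key are all hypothetical stand-ins.

```java
import java.util.Map;

// Added illustration, not Kuali Rice code. PermissionCheck is a local stand-in
// shaped like the isAuthorizedByTemplate call named in the description.
interface PermissionCheck {
    boolean isAuthorizedByTemplate(String principal, String namespaceCode,
            String templateName, Map<String, String> details, Map<String, String> qualification);
}

class ForbiddenException extends RuntimeException {
    ForbiddenException(String msg) { super(msg); }
}

public class ApiAuthorization {
    // Placeholders: substitute the namespace/template the equivalent UI screen checks today.
    static final String NAMESPACE = "PLACEHOLDER-NAMESPACE";
    static final String GROUP_EDIT_TEMPLATE = "PLACEHOLDER-GROUP-EDIT-TEMPLATE";
    private final PermissionCheck permissions;

    ApiAuthorization(PermissionCheck permissions) { this.permissions = permissions; }

    // Group create/update: fail closed unless the authenticated principal holds the UI permission.
    void requireGroupEdit(String authenticatedPrincipal, String groupId) {
        boolean ok = authenticatedPrincipal != null && permissions.isAuthorizedByTemplate(
                authenticatedPrincipal, NAMESPACE, GROUP_EDIT_TEMPLATE,
                Map.of(), Map.of("groupId", groupId)); // "groupId" key is an assumption
        if (!ok) throw new ForbiddenException("not authorized to edit group");
    }

    // Action list: the principal in the request must be the authenticated caller.
    void requireOwnActionList(String authenticatedPrincipal, String requestedPrincipal) {
        if (authenticatedPrincipal == null || !authenticatedPrincipal.equals(requestedPrincipal)) {
            throw new ForbiddenException("action list belongs to another principal");
        }
    }

    public static void main(String[] args) {
        // Constructed policy for the demo: only "admin" holds the group-edit permission.
        ApiAuthorization authz = new ApiAuthorization(
                (p, ns, tmpl, d, q) -> "admin".equals(p) && GROUP_EDIT_TEMPLATE.equals(tmpl));
        authz.requireGroupEdit("admin", "g1");       // allowed
        authz.requireOwnActionList("jdoe", "jdoe");  // allowed
        try { authz.requireOwnActionList("jdoe", "admin"); }
        catch (ForbiddenException e) { System.out.println("denied: " + e.getMessage()); }
        try { authz.requireGroupEdit("jdoe", "g1"); }
        catch (ForbiddenException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```

      The principal passed to both checks must come from the API's authentication layer, never from a request parameter; the requested principal is compared against it only to reject mismatches.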


            People

            • Assignee:
              bsmith Brian Smith (Inactive)
              Reporter:
              ewestfal Eric Westfall
