Patch #24051: As a non-admin user using API, I want to be able to filter users by their username without getting forbidden exception - Redmine

Actions

Patch #24051

open

Added by Anonymous about 8 years ago. Updated about 8 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Category:

REST API

Target version:

Start date:

Due date:

% Done:

Estimated time:

Description

We created an Odoo -> Redmine connector for uploading time spent from Redmine to HR tools in Odoo (https://github.com/savoirfairelinux/connector-redmine/tree/ddufresne_port_to_8_0).

When we call that function from a superuser API key, all works well, but when it is normal user API key, it does return a forbidden exception :

redmine_api.user.filter(name="SOMEUSERNAME")

I think that to reinforce security by not giving superuser Redmine API key to Odoo would be interesting.

That would be possible by allowing standard Redmine users to use API to filter users by their username instead of throwing an exception.

Files

Download all files

0001-As-a-non-admin-user-using-API-I-want-to-be-able-to-f.patch (979 Bytes) 0001-As-a-non-admin-user-using-API-I-want-to-be-able-to-f.patch		Anonymous, 2016-10-11 20:55
allowing-nonsuperusers-to-search-users-by-filters-from-api.patch (371 Bytes) allowing-nonsuperusers-to-search-users-by-filters-from-api.patch		Anonymous, 2016-10-12 16:56
redmine_lte_v3.2_allow-stdusers-filter-users-from-api.patch (371 Bytes) redmine_lte_v3.2_allow-stdusers-filter-users-from-api.patch	Redmine <= 3.2 patch for non-superuser can filter users by API	Anonymous, 2016-10-12 17:08
redmine_lt_v3.3_allow-stdusers-filter-users-from-api.patch (371 Bytes) redmine_lt_v3.3_allow-stdusers-filter-users-from-api.patch		Anonymous, 2016-10-12 17:11

Related issues

Actions

Also available in: Atom PDF