| Issue 3754: | View All Accounts permission does not allow accounts rest endpoint to access email info | |
| 1 person starred this issue and may be notified of changes. | Back to list |
Affected Version: 2.11 and master
What steps will reproduce the problem?
1. execute the accounts REST endpoint with a registered user account to list emails of another account:
curl --digest --user $user1:$user1_http_password http://localhost:8080/a/accounts/$user2/emails
result is: "not allowed to list email addresses"
2. As administrator goto Projects->list->All-Projects
Add global capability 'View All Accounts : Registered Users'
3. execute account api in step 1 again.
What is the expected output? What do you see instead?
I would expect that setting 'View All Accounts : Registered Users' would allow all registered users to view email info on another user.
Please provide any additional information below.
Add global capability 'Modify Account : Registered Users' will work but I don't think that's the right permission for this.
Jan 7 (2 days ago)
Project Member
#1
zaro0508
Owner:
zaro0508
Jan 7 (2 days ago)
View All Accounts is about whether the user can see and interact with the other account at all. See https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#accounts
Jan 8 (2 days ago)
@ jmieder, sorry but i'm not exactly sure what you are trying to convey. I don't want to make any assumptions so could you please expand?
Jan 8 (2 days ago)
Sorry for the lack of clarity. What I meant is that this is intended behavior (except the documentation can probably be improved).
Jan 8 (2 days ago)
Then I guess I don't understand the difference between modify account and view all accounts. From reading the docs I assumed the following: modify account - groups assigned this permission can modify any other user account info. view all accounts - groups assigned this permission can view any other user account info but not modify it. Why would a user need modify account permission to view another user's email info?
Jan 8 (2 days ago)
proposed fix: https://gerrit-review.googlesource.com/73639
Status:
ChangeUnderReview
|
|
| ► Sign in to add a comment |