Project

General

Profile

Actions

Patch #24051

open

As a non-admin user using API, I want to be able to filter users by their username without getting forbidden exception

Added by Anonymous over 7 years ago. Updated over 7 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
REST API
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:

Description

We created an Odoo -> Redmine connector for uploading time spent from Redmine to HR tools in Odoo (https://github.com/savoirfairelinux/connector-redmine/tree/ddufresne_port_to_8_0).

When we call that function from a superuser API key, all works well, but when it is normal user API key, it does return a forbidden exception :

redmine_api.user.filter(name="SOMEUSERNAME")

I think that to reinforce security by not giving superuser Redmine API key to Odoo would be interesting.

That would be possible by allowing standard Redmine users to use API to filter users by their username instead of throwing an exception.


Files


Related issues

Related to Redmine - Defect #7773: Only Redmine administrators can get users from REST APINew2011-03-04

Actions
Actions

Also available in: Atom PDF