Status: Released
Closed: Jan 2016



View All Accounts permission does not allow accounts rest endpoint to access email info
Project Member Reported by zaro0...@gmail.com, Jan 8 2016
Affected Version: 2.11 and master

What steps will reproduce the problem?
1. execute the accounts REST endpoint with a registered user account to list emails of another account:
  curl --digest --user $user1:$user1_http_password http://localhost:8080/a/accounts/$user2/emails
  result is: "not allowed to list email addresses"

2. As administrator, go to Projects->list->All-Projects
    Add global capability 'View All Accounts : Registered Users'

3. execute account api in step 1 again.

What is the expected output? What do you see instead?
I would expect that setting 'View All Accounts : Registered Users' would allow all registered users to view email info on another user.

Please provide any additional information below.
    Adding global capability 'Modify Account : Registered Users' will work, but I don't think that's the right permission for this.


 
Project Member Comment 1 by zaro0...@gmail.com, Jan 8 2016
Owner: zaro0...@gmail.com
Comment 2 by jrnieder@gmail.com, Jan 8 2016
View All Accounts is about whether the user can see and interact with the other account at all. See https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#accounts
Project Member Comment 3 by zaro0...@gmail.com, Jan 8 2016
@jrnieder, sorry, but I'm not exactly sure what you are trying to convey. I don't want to make any assumptions, so could you please expand?
Project Member Comment 4 by jrn@google.com, Jan 8 2016
Sorry for the lack of clarity. What I meant is that this is intended behavior (except the documentation can probably be improved).
Project Member Comment 5 by zaro0...@gmail.com, Jan 8 2016
Then I guess I don't understand the difference between modify account and view all accounts.  From reading the docs I assumed the following:

 modify account - groups assigned this permission can modify any other user account info.
 view all accounts - groups assigned this permission can view any other user account info but not modify it.

Why would a user need modify account permission to view another user's email info?

Project Member Comment 6 by zaro0...@gmail.com, Jan 8 2016
Status: ChangeUnderReview
proposed fix: https://gerrit-review.googlesource.com/73639
Project Member Comment 7 by jrn@google.com, Jan 14 2016
Status: Submitted
Project Member Comment 8 by huga...@gmail.com, Aug 9 2016
Labels: FixedIn-2.13
Project Member Comment 9 by huga...@gmail.com, Sep 22 2016
Status: Released