Issue 3754 View All Accounts permission does not allow accounts rest endpoint to access email info
Project Member Reported by zaro0...@gmail.com, Jan 8 2016
Status: Released
Owner:
Closed: Jan 2016

Affected Version: 2.11 and master

What steps will reproduce the problem?
1. Execute the accounts REST endpoint with a registered user account to list emails of another account:
  curl --digest --user $user1:$user1_http_password http://localhost:8080/a/accounts/$user2/emails
  Result is: "not allowed to list email addresses"

2. As administrator, go to Projects->list->All-Projects
    Add global capability 'View All Accounts : Registered Users'

3. Execute the account API in step 1 again.

What is the expected output? What do you see instead?
I would expect that setting 'View All Accounts : Registered Users' would allow all registered users to view email info on another user.

Please provide any additional information below.
    Adding global capability 'Modify Account : Registered Users' will work but I don't think that's the right permission for this.


 
Project Member Comment 1 by zaro0...@gmail.com, Jan 8 2016
Owner: zaro0...@gmail.com
Comment 2 by jrnieder@gmail.com, Jan 8 2016
View All Accounts is about whether the user can see and interact with the other account at all. See https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#accounts
Project Member Comment 3 by zaro0...@gmail.com, Jan 8 2016
@jrnieder, sorry but I'm not exactly sure what you are trying to convey. I don't want to make any assumptions so could you please expand?
Project Member Comment 4 by jrn@google.com, Jan 8 2016
Sorry for the lack of clarity. What I meant is that this is intended behavior (except the documentation can probably be improved).
Project Member Comment 5 by zaro0...@gmail.com, Jan 8 2016
Then I guess I don't understand the difference between modify account and view all accounts.  From reading the docs I assumed the following:

 modify account - groups assigned this permission can modify any other user account info.
 view all accounts - groups assigned this permission can view any other user account info but not modify it.

Why would a user need modify account permission to view another user's email info?

Project Member Comment 6 by zaro0...@gmail.com, Jan 8 2016
Status: ChangeUnderReview
proposed fix: https://gerrit-review.googlesource.com/73639
Project Member Comment 7 by jrn@google.com, Jan 14 2016
Status: Submitted
Project Member Comment 8 by huga...@gmail.com, Aug 9
Labels: FixedIn-2.13
Project Member Comment 9 by huga...@gmail.com, Sep 22
Status: Released