|Issue 3766||Any registered user should have access to use the account username REST endpoint|
|Starred by 1 user||Project Member Reported by zaro0...@gmail.com, Jan 11 2016||Back to list|
Affected Version: 2.11+ What steps will reproduce the problem? 1. execute the accounts REST endpoint with a registered user account to get username of another account: curl --digest --user $user1:$user1_http_password http://localhost:8080/a/accounts/$user2/username result is: "not allowed to get username" The code in gerrit-server/src/main/java/com/google/gerrit/server/account/GetUsername.java says that users need canAdministrateSever access to view another accounts username which doesn't make sense since this info is freely available for any user from the Gerrit UI and from the account details endpoint. What is the expected output? What do you see instead? Any registered gerrit user should be able to access another user's username.  curl --digest --user $user1:$user1_http_password http://localhost:8080/a/accounts/$user2/deail
Jan 11 2016,
SGTM. GetAccount and GetDetail already give access to the username, name, and preferred email.
Jan 11 2016,
Other account attributes: Guarded by Administrate Server: capabilities, preferences.diff, preferences, password.http Guarded by Modify Accounts: preferences.edit, emails, sshkeys Only viewable by self: starred.changes Bugs: preferences.* should probably be guarded by Modify Accounts instead of Administrate Server. emails should be public (issue 3754).
Feb 5 2016,
|► Sign in to add a comment|