Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-1598

REST API returns HTTP 403 if search parameter not included in URL

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Fixed
    • 2.1
    • Backend / Domain Model
    • None
    • Atlassian Crowd Version: 2.0-beta2 (Build:#401 - Jun 22, 2009)

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      At present, the REST API returns an HTTP 403 (Access forbidden) in certain cases, if the request URL does not include a search parameter.

      • /directory/DIRECTORY-KEY/user
      • /directory/DIRECTORY-KEY/group

      For example, this URL will cause a 403: 

      http://localhost:8095/crowd/rest/admin/latest/directory/atlassian%20crowd/user

      Whereas this one is fine:

      http://localhost:8095/crowd/rest/admin/latest/directory/atlassian%20crowd/user?search=ad

      The reason is that we don't want API calls to return the entire list of users from the directory.

      Instead of an HTTP 403, we should either should return a meaningful message, or allow some other mechanism of requesting and/or restricting the number of users to be returned.

            [CWD-1598] REST API returns HTTP 403 if search parameter not included in URL

            There are no comments yet on this issue.

              Unassigned Unassigned
              smaddox SarahA
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: