API 2.0: Endpoints returning all records regardless of the Portfolio or Program assigned to the API user


    • Type: Bug
    • Resolution: Fixed
    • Priority: Low
    • 10.83
    • Affects Version/s: 10.79
    • Component/s: REST API
    • None
    • 1
    • Severity 3 - Minor
    • Breakers - Usher 8
    • None

      Issue Summary

      The following endpoints are returning all records regardless of the Portfolio or Program assigned to the API user.

      • Features
      • Themes

      Steps to Reproduce

      1. Use a non-Super Admin role/token.
      2. Assign the user to only one Program/Portfolio.
      3. Use API 2.0.
      4. Send a GET request for Features.
      5. Check the response.

      Expected Results

      Only records assigned to the same Program/Portfolio as the user running the request should be returned.

      Actual Results

      All Feature records are returned

      Workaround

      Currently, no workaround is available. A workaround will be added once available.
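
      A scope check that can be run over a saved Features or Themes response to confirm the fix, added here as an example and not part of the original report or the product's code. The field names `id`, `programId` and `portfolioId`, the rule that a match on either program or portfolio puts a record in scope, and the sample payload are assumptions.

```python
import json

# Constructed sample response body. "id", "programId" and "portfolioId" are
# assumed field names, not taken from the product's API documentation.
SAMPLE_RESPONSE = json.dumps([
    {"id": 101, "programId": 7, "portfolioId": 2},
    {"id": 102, "programId": 9, "portfolioId": 3},     # other program and portfolio
    {"id": 103, "programId": None, "portfolioId": 2},  # no program, same portfolio
    {"id": 104},                                       # no scope fields at all
])


def out_of_scope(records, programs, portfolios):
    """Return (id, reason) for every record the caller should not have received.

    Assumption: a record is in scope when its program or its portfolio is one
    the token's user is assigned to. Records carrying neither field are
    reported too, because their scope cannot be confirmed from the response.
    """
    findings = []
    for rec in records:
        prog, port = rec.get("programId"), rec.get("portfolioId")
        if prog is None and port is None:
            findings.append((rec.get("id"), "no scope fields"))
        elif prog in programs or port in portfolios:
            continue
        else:
            findings.append((rec.get("id"), f"program={prog} portfolio={port}"))
    return findings


def check_listing(body, programs, portfolios):
    """Parse a JSON listing and return the out-of-scope findings."""
    records = json.loads(body)
    if not isinstance(records, list):
        raise ValueError("expected a JSON array of records")
    return out_of_scope(records, set(programs), set(portfolios))


if __name__ == "__main__":
    # The non-Super Admin user in this constructed case has program 7, portfolio 2.
    for rec_id, reason in check_listing(SAMPLE_RESPONSE, programs=[7], portfolios=[2]):
        print(f"out of scope: id={rec_id} ({reason})")
```

An empty result for a token limited to one Program/Portfolio matches the expected behaviour described above; any finding means the listing is still returning records outside the user's assignment.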

            Assignee:
            Kyle Foreman
            Reporter:
            Alessandro Macedo
            Votes:
            2
            Watchers:
            6

              Created:
              Updated:
              Resolved: