  1. Insights Experiences
  2. HMS-8622

check responses for objects from other orgs

    • Task
    • Resolution: Done
    • Content

      Related to https://issues.redhat.com/browse/HMS-4876

       

      We should write a middleware to check arbitrary data being returned from our app to handle two cases,

       

      1. where we are returning an object:
         { "org_id": "12354" }
      2. we are returning a list of objects:
         { "data": [ {"org_id": "12345" } ] }
      3. look through our OpenAPI spec/response structs and see if there are any other formats we're missing

      If the org_id exists on the data, let's double check for repositories, templates, snapshots, that these org_ids match the request org_id from the incoming identity header, and throw a 500 if not (I say a 500, as this should be due to a bug in the code, it shouldn't ever get this far)

       

      We need to still allow Red Hat (-1) and community (-2?) org ids
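
      A sketch of the check described above, added here as an example and not taken from the project's code. It assumes Go with net/http; `OrgCheck`, `foreignOrg`, `sharedOrgs` and the `orgOf` hook (which stands in for parsing the identity header) are hypothetical names. It goes beyond the two listed shapes by checking `org_id` at any nesting depth.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

var sharedOrgs = map[string]bool{"-1": true, "-2": true} // Red Hat, community (the ticket is unsure of -2)

// foreignOrg walks decoded JSON for a string "org_id" that is neither want nor shared.
func foreignOrg(v any, want string) bool {
	m, _ := v.(map[string]any) // nil map when v is not an object
	id, isStr := m["org_id"].(string)
	bad := isStr && id != want && !sharedOrgs[id]
	kids, _ := v.([]any)
	for _, c := range m {
		kids = append(kids, c)
	}
	for _, c := range kids {
		bad = bad || foreignOrg(c, want)
	}
	return bad
}

// OrgCheck sends a 500 if next's JSON holds a foreign org_id; orgOf (hypothetical) yields the caller's org.
func OrgCheck(orgOf func(*http.Request) string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		rec := httptest.NewRecorder() // nothing reaches the client until the body is checked
		next.ServeHTTP(rec, r)
		var doc any
		if json.Unmarshal(rec.Body.Bytes(), &doc) == nil && foreignOrg(doc, orgOf(r)) {
			http.Error(w, "internal server error", http.StatusInternalServerError)
			return
		}
		for k, vals := range rec.Header() {
			w.Header()[k] = vals
		}
		w.WriteHeader(rec.Code)
		w.Write(rec.Body.Bytes())
	})
}

func main() { // constructed handler and org IDs
	leaky := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, `{"data": [{"org_id": "12345"}]}`) })
	out := httptest.NewRecorder()
	OrgCheck(func(*http.Request) string { return "99999" }, leaky).ServeHTTP(out, httptest.NewRequest("GET", "/", nil))
	fmt.Println(out.Code)
}
```

      Non-JSON bodies and responses without a string `org_id` pass through unchanged, with the handler's own status and headers.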

       

              swadeley@redhat.com Stephen Wadeley
              rhn-engineering-jsherrill Justin Sherrill