hostlist API must respect ACL when grouping
Closed this issue · 2 comments
oyvindhagberg commented
Seems like it might be easier if the ACL was in a database table, so queries could JOIN against it. Consider it before implementing anything. It would affect how LIMIT/OFFSET is done.
Edit: Putting the ACL in the database has been considered, and will be solved at a later time. The issue for that is #67.
oyvindhagberg commented
- Make a unit test that detects this bug
oyvindhagberg commented
Can be easily solved in api_hostlist.go at line 364, pseudocode:

    If not admin:
        WHERE ... AND certfp IN ( all the certs from the accessprofile )
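
The filter sketched in the last comment, written out as an added example (not code from the project or from the commenters). It assumes PostgreSQL-style numbered placeholders; the table name `hostinfo`, the groupable columns, and the function name `buildGroupQuery` are hypothetical, and only `certfp` comes from the thread. The ACL condition sits in `WHERE`, so it applies before `GROUP BY` and before `LIMIT`/`OFFSET`, and an empty access profile matches no rows instead of producing an invalid `IN ()`.

```go
package main

import (
	"fmt"
	"strings"
)

// groupable is a server-side allowlist of columns a client may group by.
// The column names are hypothetical.
var groupable = map[string]bool{"os": true, "hostname": true}

// buildGroupQuery returns a parameterized grouped count over hostinfo.
// Non-admins only see rows whose certfp is in allowedCerts.
func buildGroupQuery(groupCol string, isAdmin bool, allowedCerts []string, limit, offset int) (string, []interface{}, error) {
	if !groupable[groupCol] {
		return "", nil, fmt.Errorf("grouping by %q is not allowed", groupCol)
	}
	var args []interface{}
	where := "TRUE"
	if !isAdmin {
		if len(allowedCerts) == 0 {
			// "IN ()" is invalid SQL; an empty ACL must match nothing.
			where = "FALSE"
		} else {
			ph := make([]string, len(allowedCerts))
			for i, c := range allowedCerts {
				args = append(args, c)
				ph[i] = fmt.Sprintf("$%d", len(args))
			}
			where = "certfp IN (" + strings.Join(ph, ",") + ")"
		}
	}
	args = append(args, limit, offset)
	q := fmt.Sprintf(
		"SELECT %s, count(*) FROM hostinfo WHERE %s GROUP BY %s ORDER BY %s LIMIT $%d OFFSET $%d",
		groupCol, where, groupCol, groupCol, len(args)-1, len(args))
	return q, args, nil
}

func main() {
	// Constructed sample fingerprints, not real values.
	q, args, err := buildGroupQuery("os", false, []string{"AA11", "BB22"}, 10, 0)
	fmt.Println(q, args, err)
}
```

A unit test for the bug can seed hosts under two different certificates and check that a non-admin's grouped counts include only the hosts in that user's access profile.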