Details
-
Bug
-
Resolution: Fixed
-
Major
-
3.1.2
-
Security Level: Public
-
None
-
CBG Sprint 145
-
1
Description
Updating an app user via the _user/<username> endpoint of the SGW admin API does not override omitted fields in the payload. This affects version 3.1.2, and seems to be a change in behaviour from 3.0.9. For example, with a user 'user', with access to * channel, and the following payload:
{ "name": "user", |
"admin_roles": ["role"] |
}
|
(notably omitting the admin_channels field) the user will have the role but no * access in 3.0.9, but in 3.1.2 will have both * access and the role. The same is true in the inverse case where the admin_roles field is omitted and the admin_channels field is provided - in 3.0.9 the omitted field will be overwritten but in 3.1.2 this field will NOT be overwritten.
This bug was discovered in Capella App Services via the Capella QE testing pipeline and reproduced manually on Capella with server version 7.2.3
Attachments
Issue Links
- Clones
-
-
- Resolved
-