/api/v1/metrics/portfolio are not filtered by project team ACL #2323

Open
2 tasks done
mulder999 opened this issue Dec 22, 2022 · 2 comments · May be fixed by #2326
Labels
access control, enhancement (New feature or request)

Comments

@mulder999
Contributor

Current Behavior

To complete the gap analysis available in #1127 regarding portfolio access control: the portfolio metrics are not filtered by project team ACL.

Steps to Reproduce

  1. Enable portfolio access control and limit the number of projects accessible
  2. Call any of the /api/v1/metrics/portfolio endpoints

WRONG: The number of projects corresponds to the full list of projects, irrespective of the ACL settings

Expected Behavior

Expected: The number of projects should correspond to the list of projects granted by the ACL settings

Dependency-Track Version

4.7.0

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

14

Browser

Google Chrome

Checklist

@mulder999 mulder999 added defect Something isn't working in triage labels Dec 22, 2022
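
A small Python model of the behaviour reported above, added here as an illustration and not Dependency-Track's own code: an aggregate computed over the whole portfolio next to one computed only over the projects the caller's teams are granted, plus a regression check that reports the difference. The project names, teams, counts and metric field names are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Project:
    name: str
    teams: frozenset        # teams granted access through the project ACL
    vulnerabilities: int
    components: int

# Constructed sample portfolio (hypothetical names and numbers).
PORTFOLIO = [
    Project("billing-api", frozenset({"payments"}), 12, 140),
    Project("web-shop", frozenset({"payments", "frontend"}), 3, 310),
    Project("intranet", frozenset({"frontend"}), 0, 85),
    Project("hsm-gateway", frozenset({"platform"}), 7, 42),
]

def visible_projects(portfolio, caller_teams, acl_enabled=True):
    """All projects when ACL is off, otherwise only those sharing a team with the caller."""
    if not acl_enabled:
        return list(portfolio)
    return [p for p in portfolio if p.teams & caller_teams]

def summarize(projects):
    """Aggregate counters over a list of projects (field names are illustrative)."""
    return {
        "projects": len(projects),
        "vulnerableProjects": sum(1 for p in projects if p.vulnerabilities),
        "vulnerabilities": sum(p.vulnerabilities for p in projects),
        "components": sum(p.components for p in projects),
    }

def portfolio_metrics_unfiltered(portfolio, caller_teams):
    """Reported behaviour: the caller's teams are never consulted."""
    return summarize(portfolio)

def portfolio_metrics_acl(portfolio, caller_teams, acl_enabled=True):
    """Expected behaviour: aggregate only over projects granted to the caller."""
    return summarize(visible_projects(portfolio, caller_teams, acl_enabled))

def acl_leak(metrics, portfolio, caller_teams):
    """Regression check: {field: (reported, expected)} for every counter that
    differs from what the caller's visible projects account for."""
    expected = summarize(visible_projects(portfolio, caller_teams))
    return {k: (metrics[k], v) for k, v in expected.items() if metrics[k] != v}
```

An empty result from `acl_leak` means the aggregate reveals nothing beyond the projects the caller can already list; a caller with no team membership should see all counters at zero.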
@mulder999
Contributor Author

mulder999 commented Dec 22, 2022

Currently working on a PR to solve this

@stevespringett
Member

stevespringett commented Jan 3, 2023

This is not a defect. It is a continuation of the existing ACL work, currently in beta and not feature complete.

See #1127

3 participants