Conversation
RodrigoDLopez
left a comment
RodrigoDLopez
left a comment
There was a problem hiding this comment.
I am trying to understand in which scenario it is necessary to give freedom for ordinary users to change names within the environment.
You can explain it to me because I couldn't reach a conclusion on my own.
| type = CommandType.STRING, | ||
| description = "The chain info of the volume", | ||
| since = "4.4") | ||
| since = "4.4", authorized = {RoleType.Admin}) |
There was a problem hiding this comment.
Correct me if I'm wrong, but I believe that only administrators can execute the updateVolume command.
There was a problem hiding this comment.
admins and regular users can run this command. but regular users can only change name
| description = "an optional field, whether to the display the volume to the end user or not.", authorized = {RoleType.Admin}) | ||
| private Boolean displayVolume; | ||
|
|
||
| @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "new name of the volume", since = "4.16") |
There was a problem hiding this comment.
You put roleAdmin in all the other parameters of this API, but not this one.
Any reason for this behavior? users without administrator permission will not be able to run this command. And ordinary users shouldn't be able to change the name of what doesn't belong to them.
It would be nice to capitalize the n in new as well
There was a problem hiding this comment.
Other parameters have sensitive info whereas the "name" parameter is not critical.
So regular users can change only name but not other important values
| Account caller = CallContext.current().getCallingAccount(); | ||
| if (!_accountMgr.isRootAdmin(caller.getId())) { | ||
| if (path != null || state != null || storageId != null || displayVolume != null || customId != null || chainInfo != null) { | ||
| throw new InvalidParameterValueException("The domain admin and normal user are not allowed to update volume except volume name"); |
There was a problem hiding this comment.
does it make sense to allow ordinary users the power to change names within the environment?
DaanHoogland
added
complexity:simple
@RodrigoDLopez there is no harm in changing the volume name. so anybody can do it |
RodrigoDLopez
left a comment
RodrigoDLopez
left a comment
There was a problem hiding this comment.
@ravening I know that changing volume names does no harm, but I don't like empowering users even if they are cosmetic powers.
But you have my approval and my +1
|
code lgtm |
|
Hi @ravening |
6 participants
Description
Provide an api support to update volume name by all users
Can be done both through api and UI
Types of changes
Feature/Enhancement Scale or Bug Severity
Feature/Enhancement Scale
Bug Severity
Screenshots (if appropriate):
How Has This Been Tested?
Through API