-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authorized User does not get full list of Findings through APIv2 #2992
Comments
You need to provide the ID of a finding, not of a product. To list findings for a product you can use the |
Yes thank you for the reply, got that messed up there I meant the ID of a finding of another reporter. But the Issue still exists.
Which gets only the 2 findings in that response of which he is the reporter of
if I do the |
Bug description
When using APIv2 (on the newest Release 1.8) to view findings by ID as an Authorized User for a Product, this User gets a reply which only contains the findings created (reported) by him. This only happens through the API. When listing the findings through the WebUI all findings are shown.
Steps to reproduce
Steps to reproduce the behavior:
DD_AUTHORIZED_USERS_ALLOW_CHANGE and
DD_AUTHORIZED_USERS_ALLOW_DELETE, to true
{ "detail": "Not found." }
is printed.
Expected behavior
A full List of all Findings created for that Product should be contained in the response. It should be the same Response as if a Staff User would execute that Request.
Deployment method (select with an
X
)Environment information
[2020-10-02 18:19:00 +0200] a89d7df: renovate: only rebase when conflicted [ (HEAD -> master, origin/master, origin/HEAD)]
The text was updated successfully, but these errors were encountered: