[#IOTDM-53] ACP: CI can be created by any origin even when ACP restricts origin (accop)

[IOTDM-53] ACP: CI can be created by any origin even when ACP restricts origin (accop) Created: 25/Jan/17 Updated: 19/Oct/17 Resolved: 27/Feb/17
Status:	Resolved
Project:	iotdm
Component/s:	General
Affects Version/s:	unspecified
Fix Version/s:	None

Type:

Bug

Reporter:

Lionel Florit

Assignee:

Unassigned

Resolution:

Done

Votes:

Labels:

None

Remaining Estimate:

Not Specified

Time Spent:

Not Specified

Original Estimate:

Not Specified

Environment:

Operating System: All
Platform: All

External issue ID:

7671

Priority:

High

Description

create AE/ACP : ACP allows AE1 to CREATE and admin to do CRUD
Create AE?TestContainer with ACPI = ACP above
AE1 creates CI under Testcontainer – success
AE2 creates CI under Testcontainer – success - that’s a bug.

To reproduce, import this ACP collection: https://www.getpostman.com/collections/bdcb9c9d7ffe090849e7
In folder Test4 run calls 001,2,3,4,5,6 (last one should fail)

Otherwise, AE2 can’t do anything else and AE1 is restricted to CREATE which is good.

Generated at Wed Feb 07 20:05:03 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.

[IOTDM-53] ACP: CI can be created by any origin even when ACP restricts origin (accop) Created: 25/Jan/17 Updated: 19/Oct/17 Resolved: 27/Feb/17