You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
workspaces and permissions both are missing for saved objects bulk get API. These two fields are useful when doing permission validation
If a bulk get request specify fields in its request, it will not fetch workspaces and permission, that will bypass permission check.
Hailong-am
changed the title
[BUG][Workspace] missing workspaces and permissions for saved objects bulk get API
[BUG][Workspace] missing workspaces and permissions for saved objects _bulk_get API
Jul 30, 2024
Describe the bug
workspaces and permissions both are missing for saved objects bulk get API. These two fields are useful when doing permission validation
If a bulk get request specify fields in its request, it will not fetch workspaces and permission, that will bypass permission check.
OpenSearch-Dashboards/src/core/server/saved_objects/service/lib/repository.ts
Lines 969 to 973 in 5f19c37
OpenSearch-Dashboards/src/core/server/saved_objects/service/lib/included_fields.ts
Lines 50 to 51 in 5f19c37
permission check
OpenSearch-Dashboards/src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.ts
Lines 141 to 151 in 5f19c37
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A clear and concise description of what you expected to happen.
OpenSearch Version
Please list the version of OpenSearch being used.
Dashboards Version
Please list the version of OpenSearch Dashboards being used.
Plugins
Please list all plugins currently enabled.
Screenshots
If applicable, add screenshots to help explain your problem.
Host/Environment (please complete the following information):
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: