Bug #2863

Updated by Marek Hulán over 10 years ago

Daniel Lobato discovered that /api/hosts/<name> does not check whether the current user has privileges to display a particular host.

This is caused by using the generic #find_resource in the hosts controller instead of limiting it via the .my_hosts scope, as is done in the non-API controller. -Since a similar bug could be in any other API controller, I'll go over all API controllers and try to find other possible issues-.

EDIT: hosts seems to be the only object that has customized privileges system issues.
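
The difference between a generic lookup and one limited through a `my_hosts` scope, as an added plain-Ruby example that is not Foreman's code and not part of the original report. Only the names `find_resource` and `my_hosts` come from the report; the classes, the `resource_scope` hook, the admin rule and the sample data are hypothetical.

```ruby
# Plain-Ruby model (no Rails); every class here is a hypothetical stand-in.
Host = Struct.new(:name, :owner)
User = Struct.new(:login, :admin)
class NotFound < StandardError; end

class HostStore
  attr_reader :all # unrestricted relation: every host in the system

  def initialize(hosts)
    @all = hosts
  end

  # Stand-in for the .my_hosts scope: only hosts this user may display.
  # The admin/owner rule is an assumption made for this example.
  def my_hosts(user)
    user.admin ? all : all.select { |h| h.owner == user.login }
  end
end

class BaseApiController
  def initialize(store, current_user)
    @store = store
    @current_user = current_user
  end

  # Generic lookup by name within whatever relation resource_scope returns.
  def find_resource(name)
    resource_scope.find { |h| h.name == name } || raise(NotFound, name)
  end
end

# Before: lookup over all hosts, so any API user can read any host by name.
class UnscopedHostsController < BaseApiController
  def resource_scope
    @store.all
  end
end

# After: the same lookup, restricted to the current user's hosts first.
class ScopedHostsController < BaseApiController
  def resource_scope
    @store.my_hosts(@current_user)
  end
end

# Constructed sample data.
STORE = HostStore.new([Host.new("web01", "alice"), Host.new("db01", "bob")])
ALICE = User.new("alice", false)
```

A regression test for this class of bug requests another user's host by name and expects the same response as for a host that does not exist.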