shwstppr commented on PR #8973: URL: https://github.com/apache/cloudstack/pull/8973#issuecomment-2134446434
@DaanHoogland this is not only limited to the webhooks feature. Other APIs too have params that have the authorized key defined, though I didn't get a chance to take logs/cmk output for them.

E.g. the `listBuckets` API has the admin-only param objectstorageid, but currently it is shown to a normal user as well (though the user won't be able to use it).

```
(local) 🐱 > set username user
(local) 🐱 > sync
Discovered 320 APIs
(local) 🐱 > list buckets -h
listBuckets: Lists all Buckets.

API Params        Type      Description
==========        ====      ===========
account           string    list resources by account. Must be used w
                            ith the domainId parameter.
domainid          uuid      list only resources belonging to the doma
                            in specified
id                uuid      the ID of the bucket
ids               list      the IDs of the Buckets, mutually exclusiv
                            e with id
isrecursive       boolean   defaults to false, but if true, lists all
                            resources from the parent specified by
                            the domainId till leaves.
keyword           string    List by keyword
listall           boolean   If set to false, list only resources belo
                            nging to the command's caller; if set to
                            true - list resources that the caller i
                            s authorized to see. Default value is fa
                            lse. Resources dedicated to a project ar
                            e listed only if using the projectid par
                            ameter.
name              string    the name of the bucket
objectstorageid   uuid      the ID of the object storage pool, availa
                            ble to ROOT admin only
page              integer
pagesize          integer
projectid         uuid      list objects by project; if projectid=-1
                            lists All VMs
tags              map       List resources by tags (key/value pairs)
```

The webhooks feature is targeted for 4.20 and I feel this improvement can also be added in the 4.19 branch, hence a separate PR.