All,

Many list APIs, such as the listRouters API, accept a `listall` parameter as 
well as a `projectid` parameter. Currently, on calling a list API with 
listall=true and projectid=-1, it only returns resources belonging to all 
projects; the listall=true parameter is effectively ignored.

We've come up with a PR that fixes the list APIs (mainly for Primate) to return 
all the resources, including project resources, when both listall=true and 
projectid=-1 are passed by a non-normal user (i.e. the admin and domain-admin user):

https://github.com/apache/cloudstack/pull/3894/files (the PR also fixed 
incorrect use in old UI)


This will fix the multiple-API calling hack, and Primate would be able to, say, 
list all routers in Infra->Routers with a single API call.

In the current UI, for example, to see all the routers under Infra -> Routers, two 
API calls are made with and without projectid=-1. The code in fact ignores the 
listall=true when projectid=-1 is used.


However, this may break "soft" compatibility when both 
listall=true&projectid=-1 are passed for some list APIs, as:

  *   Old behaviour: will only return resources belonging to a project, only 
to admin and domain admin
  *   New behaviour: will return all resources including project resources, 
only to admin and domain admin
  *   Additional notes: normal user (not an admin, or a domain admin etc) will 
not be affected

The listall parameter is documented as "if set to true - list resources that 
the caller is authorized to see"; the PR intends to fix this behaviour bug.

As far as I can tell, projectid=-1 is only used in the current UI. Do any 
users or devs want to share their concerns or thoughts?

Regards,

Rohit Yadav

Software Architect, ShapeBlue

https://www.shapeblue.com

rohit.ya...@shapeblue.com
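
One way an operator could find which API clients send the parameter combination discussed in the message above, and so would see a wider result set after the change. This is an added example, not code from the PR or from CloudStack. The log line format, caller names and sample requests are constructed assumptions, and whether a flagged caller is an admin or domain admin has to be checked separately.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; the "<caller> <method> <url>" layout is an assumption.
SAMPLE_LOG = """\
admin GET /client/api?command=listRouters&listall=true&projectid=-1&response=json
admin GET /client/api?command=listRouters&listall=true&response=json
dom-admin GET /client/api?command=listVirtualMachines&ListAll=TRUE&projectId=-1
user1 GET /client/api?command=listRouters&projectid=-1
admin GET /client/api?command=deployVirtualMachine&listall=true&projectid=-1
malformed line without url
"""


def affected_calls(log_text):
    """Count (caller, command) pairs whose list* call sends both listall=true and projectid=-1."""
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not match the assumed format
        caller, _method, url = parts
        # Lower-case parameter names defensively so "ListAll"/"projectId" spellings are not missed.
        query = parse_qs(urlsplit(url).query)
        params = {name.lower(): values[-1] for name, values in query.items()}
        command = params.get("command", "")
        if not command.lower().startswith("list"):
            continue  # the behaviour change only concerns list APIs
        wants_all = params.get("listall", "").lower() == "true"
        all_projects = params.get("projectid") == "-1"
        if wants_all and all_projects:
            hits[(caller, command)] += 1
    return hits


if __name__ == "__main__":
    for (caller, command), count in sorted(affected_calls(SAMPLE_LOG).items()):
        print(f"{caller}\t{command}\t{count} call(s) combine listall=true with projectid=-1")
```
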