Hello, Sergey.
I’m +1 to make this change. I think we should make security consistent across all APIs. > 31 марта 2020 г., в 12:14, Sergei Ryzhov <s.vi.ryz...@gmail.com> написал(а): > > Hello! > Now the work of permissions for API IgniteClient and REST is different. > To create/delete a cache: > IgniteClient authorises > CACHE_CREATE/CACHE_DESTROY.(GridCacheProcessor#authorizeCacheCreate > <https://github.com/apache/ignite/blob/aefad946ebd7720f81b460aa39e205c10dc24b26/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java#L3983>, > authorizeCacheDestroy > <https://github.com/apache/ignite/blob/aefad946ebd7720f81b460aa39e205c10dc24b26/modules/core/src/main/java/org/apache/ignite/internal/processors/cache/GridCacheProcessor.java#L3973>) > REST authorises ADMIN_CACHE.(GridRestProcessor#authorize > <https://github.com/apache/ignite/blob/aefad946ebd7720f81b460aa39e205c10dc24b26/modules/core/src/main/java/org/apache/ignite/internal/processors/rest/GridRestProcessor.java#L841>) > I think this is inconsistent. > > I suggest ADMIN_CACHE mark @Deprecated > and replace it in the GridRestProcessor with CACHE_CREATE / CACHE_DESTROY > while maintaining backward compatibility for ADMIN_CACHE. > > This will allow us to remove ADMIN_CACHE in the future. > > > > Sergei Ryzhov > s.vi.ryz...@gmail.com > > > > > > > >
