Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

column level privileges are not reflected in swagger UI #981

Open
litriv opened this issue Sep 21, 2017 · 2 comments
Open

column level privileges are not reflected in swagger UI #981

litriv opened this issue Sep 21, 2017 · 2 comments
Labels
enhancement a feature, ready for implementation OpenAPI

Comments

@litriv
Copy link

litriv commented Sep 21, 2017
edited
Loading

would be nice to have the OpenAPI spec reflect column level privileges. i'll take this on once #970 had been merged
@ruslantalpa
Copy link
Contributor

#970 is merged now :)

@steve-chavez steve-chavez added the enhancement a feature, ready for implementation label Jun 26, 2018
@FGRibreau
Copy link
Contributor

FGRibreau commented Jun 27, 2018
edited
Loading

(related)

Indeed some columns are displayed in the swagger/open-api spec, while they should not be because anonymous is not authorized to view them.

E.g. in:

grant select ("theme_id", "user_id", "title", "description", "createdAt", "updatedAt", "parameters") on api.themes to "anonymous";

api.themes view has other columns like "status", and "status" is present inside the generated swagger, we might not want this as it leaks information

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement a feature, ready for implementation OpenAPI
Milestone
No milestone
Development

No branches or pull requests
4 participants
@FGRibreau @steve-chavez @ruslantalpa @litriv