4507: Add a user permission for group listing through the API
- Review Board
What version are you running?
What's the URL of the page this enhancement relates to, if any?
API: GET reviewboard/api/groups/
Describe the enhancement and the motivation for it.
Only super user can get the group list. There should be a specific permission to grant this right to any user, wihtout making them super users.
What operating system are you using? What browser?
Ubuntu 16.04 LTS
Please provide any additional information below.
- New + Confirmed
+ Component:API + EasyFix
I'm interested in working on this bug.
Currently, on a public reviewboard, no permissions are required to get groups.
For non-public servers, there needs to be a permission added for non-admin users to allow the user to view all non-private groups.
clarification: the permission is for non-admin users to view all groups, including hidden ones.
making the permission allow non-admin users to view invite-only groups. hidden groups are still hidden.
Fixed in release-3.0.x (db307df). This will ship in 3.0.1. Thanks!
- Confirmed + Fixed