Bug #18636

closed

make "relations" visible to unauth'd Redmine API clients

Added by Ken Dreyer over 7 years ago. Updated about 7 years ago.

Status: Closed
Priority: Normal
Category: Infrastructure Service
Target version: -
% Done: 0%
Source:
Tags:
Backport:
Regression: No
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Crash signature (v1):
Crash signature (v2):

Description

I have to use my "ken.dreyer" Redmine account to look up relations for a ticket using the REST API.

For example this works:

curl -v -H 'X-Redmine-API-Key: foobar' http://tracker.ceph.com/issues/17858/relations.json

This does not (HTTP 403 error):

curl -v http://tracker.ceph.com/issues/17858/relations.json

The information is already public via the web UI (see http://tracker.ceph.com/issues/17858/), and it appears that it's only the REST API that is restricted in this way.

Can we disable this requirement in Redmine's settings somehow?

Actions #1

Updated by David Galloway over 7 years ago

  • Category set to Infrastructure Service
  • Status changed from New to In Progress
  • Assignee set to David Galloway

I'm looking into this.

Actions #2

Updated by David Galloway over 7 years ago

  • Status changed from In Progress to Need More Info

This doesn't appear to be a configurable setting. In the Admin settings, the REST API is either on or off. Individual trackers don't have separate API settings.

Based on the API docs, auth is required: https://www.redmine.org/projects/redmine/wiki/Rest_api

Actions #3

Updated by Ken Dreyer about 7 years ago

  • Status changed from Need More Info to Closed

Thanks for looking into this. I read the docs and found that I can just tack on ?include=relations to the unauthenticated API request, and it works fine.
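The approach from the closing comment, as an added example that is not part of the original ticket: an anonymous request to the issue endpoint with `include=relations`, plus a parser for the embedded relations. The sample response is constructed, and treating a missing `relations` key as "no relations" is an assumption.

```python
import json
import urllib.request
from urllib.parse import urlencode

BASE = "http://tracker.ceph.com"  # tracker URL from the ticket


def issue_url(issue_id, base=BASE):
    """Issue endpoint with relations embedded; no API key header is sent."""
    return f"{base}/issues/{int(issue_id)}.json?" + urlencode({"include": "relations"})


def parse_relations(body, issue_id):
    """Return [(relation_type, other_issue_id, direction)] for issue_id."""
    issue = json.loads(body)["issue"]
    out = []
    # Assumption: a missing "relations" key means the issue has no relations.
    for rel in issue.get("relations", []):
        if rel["issue_id"] == issue_id:
            out.append((rel["relation_type"], rel["issue_to_id"], "outgoing"))
        elif rel["issue_to_id"] == issue_id:
            out.append((rel["relation_type"], rel["issue_id"], "incoming"))
    return out


def fetch_relations(issue_id, base=BASE, timeout=10):
    """Anonymous GET; raises urllib.error.HTTPError on 403 and other errors."""
    with urllib.request.urlopen(issue_url(issue_id, base), timeout=timeout) as resp:
        return parse_relations(resp.read(), issue_id)


# Constructed sample response (not real tracker data) in the shape Redmine
# returns for /issues/<id>.json?include=relations.
SAMPLE = json.dumps({"issue": {"id": 17858, "subject": "constructed example",
    "relations": [
        {"id": 1, "issue_id": 17858, "issue_to_id": 20001,
         "relation_type": "copied_to", "delay": None},
        {"id": 2, "issue_id": 20002, "issue_to_id": 17858,
         "relation_type": "relates", "delay": None},
    ]}})

if __name__ == "__main__":
    print(issue_url(17858))
    print(parse_relations(SAMPLE, 17858))
```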
