-
Incident report
-
Resolution: Fixed
-
Major
-
1.9.0 (alpha)
-
None
The following are a set of API calls to check API access for a user who has api privs:
Sending: {"jsonrpc": "2.0", "method":"user.apiaccess", "params":
{"user":3}, "auth":"66f09120cd5793ae8e8212b12e3ddc1a", "id":13}
Response: {"jsonrpc":"2.0","error":
,"id":13}
Sending: {"jsonrpc": "2.0", "method":"user.apiaccess", "params":
{"user":[3]}, "auth":"66f09120cd5793ae8e8212b12e3ddc1a", "id":14}
Response: {"jsonrpc":"2.0","error":
,"id":14}
Sending: {"jsonrpc": "2.0", "method":"user.apiaccess", "params":
{"user":[1,3]}, "auth":"66f09120cd5793ae8e8212b12e3ddc1a", "id":15}
Response: {"jsonrpc":"2.0","error":
,"id":15}
Looking at the code it appears there is also a mismatch between the documentation and the code itself. It appears that call might be looking for an array of user ids, yet in the code itself the sql call will fail if there are multiple id's as it is an single item equal statement not an "in" statement.