DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0
2.58k stars, 541 forks

/api/v1/metrics/portfolio are not filtered by project team ACL #2323

Open mulder999 opened 1 year ago

mulder999 commented 1 year ago

Current Behavior

To complete the gap analysis available in #1127 regarding portfolio access control: the portfolio metrics are not filtered by project team ACL.

Steps to Reproduce

  1. Enable portfolio access control and limit the number of projects accessible
  2. Call any /api/v1/metrics/portfolio endpoints

WRONG: The number of projects corresponds to the full list of projects, irrespective of the ACL settings.

Expected Behavior

Expected: The number of projects should correspond to the list of projects granted by the ACL settings.

Dependency-Track Version

4.7.0

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

14

Browser

Google Chrome

mulder999 commented 1 year ago

Currently working on a PR to solve this

stevespringett commented 1 year ago

This is not a defect. It is a continuation of the existing ACL work, currently in beta and not feature complete.

See #1127
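
An added example, not part of the issue or of the Dependency-Track code base: a check an administrator can run with a restricted team's API key to see whether the behaviour reported in this issue is present on their instance. It assumes the `/api/v1/metrics/portfolio/current` endpoint with a `projects` field, the `X-Total-Count` header on `/api/v1/project`, and `X-Api-Key` authentication; the helper names and the sample responses are constructed.

```python
import json
import urllib.request


def make_getter(base_url, api_key):
    """Return get(path) -> (lower-cased headers, parsed JSON) for one API key."""
    def get(path):
        req = urllib.request.Request(
            base_url.rstrip("/") + path,
            headers={"X-Api-Key": api_key, "Accept": "application/json"},
        )
        with urllib.request.urlopen(req, timeout=30) as resp:
            headers = {k.lower(): v for k, v in resp.headers.items()}
            return headers, json.load(resp)
    return get


def acl_metrics_gap(get):
    """Compare what a restricted key may list with what portfolio metrics report."""
    headers, _ = get("/api/v1/project")
    if "x-total-count" not in headers:
        raise ValueError("project list response carries no X-Total-Count header")
    visible = int(headers["x-total-count"])
    _, metrics = get("/api/v1/metrics/portfolio/current")
    reported = int(metrics["projects"])
    # More projects in the metrics than the key can list means the ACL was not applied.
    return {"visible": visible, "reported": reported,
            "unfiltered": reported > visible}


# Constructed responses: a team granted 3 of 42 projects.
def sample_get(filtered):
    def get(path):
        if path == "/api/v1/project":
            return {"x-total-count": "3"}, [{"name": "a"}]
        return {}, {"projects": 3 if filtered else 42}
    return get


if __name__ == "__main__":
    print(acl_metrics_gap(sample_get(filtered=False)))
    print(acl_metrics_gap(sample_get(filtered=True)))
```

Against a live instance, pass `make_getter(base_url, api_key)` with the restricted team's key in place of `sample_get(...)`.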