Hi,
I was developing something where I needed to use the setacls function and I came across a bug in the API, or something that is not clear in the documentation, with possible security repercussions.
In my development process, I wasn't sure if the setacls function was resetting old permissions when setting new ones.
So I had the idea to set acl-all=0 to force disabling everything and then set what I wanted.
That is how I discovered that when calling the API with acl-all=0 it was acting like acl-all=1. The value seems ignored, it's just the existence of acl-all that seems relevant.
Long story short, I think it's a problem. Either a bug in the API, or something that's not clear enough in the documentation, I wasn't expecting that.
Steps to reproduce: just create a reseller user and try calling the API with something like this:
https://your.cpanel.server:2087/json-api/setacls?api.version=1&reseller=RESELLER_USER&acl-all=0&acl-acct-summary=1
You will see that it acts as if acl-all=1
Another thing, please speed up the documentation website, it's slow most of the time, and it's a nightmare to work with it.
I keep referring to the old doc (which is also slow) but at least I find what I want quicker. I'm not a super fan of the new doc. A newcomer will be lost.
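Added example, not part of the original post and not cPanel's code: a client-side guard for the behaviour reported above, which builds a setacls query that leaves disabled ACLs out instead of sending them as 0, and flags any acl-* parameter that a presence-only check would grant. The helper names are hypothetical, and whether omitting a parameter revokes an ACL that was granted earlier is an assumption the post does not confirm.

```python
from urllib.parse import urlencode, urlsplit, parse_qsl


def build_setacls_query(reseller, acls):
    """Build a setacls query string that never sends a disabled ACL.

    `acls` maps ACL names (without the "acl-" prefix) to booleans. Because
    the post reports that acl-all=0 is treated like acl-all=1, a disabled
    ACL is omitted entirely rather than sent with the value 0.
    """
    params = [("api.version", "1"), ("reseller", reseller)]
    for name, enabled in sorted(acls.items()):
        # Reject "0", 0, None and similar: only real booleans are accepted,
        # so a stringly-typed "0" cannot slip through as truthy.
        if not isinstance(enabled, bool):
            raise TypeError(f"ACL {name!r} must be True or False, got {enabled!r}")
        if enabled:
            params.append((f"acl-{name}", "1"))
    return urlencode(params)


def risky_acl_params(url_or_query):
    """Return acl-* parameters that are present with a value other than "1".

    Under the presence-only behaviour described in the post, each of these
    would be granted even though the caller meant to disable it.
    """
    # Accept either a full URL or a bare query string.
    query = urlsplit(url_or_query).query or url_or_query
    return [
        key
        for key, value in parse_qsl(query, keep_blank_values=True)
        if key.startswith("acl-") and value != "1"
    ]


if __name__ == "__main__":
    # URL taken from the reproduction step in the post.
    reported = (
        "https://your.cpanel.server:2087/json-api/setacls"
        "?api.version=1&reseller=RESELLER_USER&acl-all=0&acl-acct-summary=1"
    )
    print("parameters at risk:", risky_acl_params(reported))
    print("safer query:", build_setacls_query(
        "RESELLER_USER", {"all": False, "acct-summary": True}))
```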