[RTFACT-15322] Extend /api/security/users/:user to non admins Created: 22/Nov/17  Updated: 03/Dec/17

Status: Open
Project: Artifactory Binary Repository
Component/s: REST API
Affects Version/s: 5.5.1
Fix Version/s: None

Type: New Feature Priority: Minor
Reporter: Jordan Sussman Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None


Currently the /api/security/users/:user only accepts requests from admin users. However, many use cases exists for non-admins to verify information about themselves. Our primary use case is related to a wrapper API around Artifactory. We want a user interacting with out API to provide us with basic authentication and we pass that information to Artifactory to validate that the credentials are valid within LDAP and that the user exists in Artifactory. Our current workaround is to use a different endpoint to validate credentials.

The expected behavior would look like:

User joe would be allowed to hit /api/security/users/joe, but joe would get forbidden when trying to hit /api/security/users/sam.

Generated at Tue Jul 14 15:08:51 UTC 2020 using Jira 8.5.3#805003-sha1:b4933e02eaff29a49114274fe59e1f99d9d963d7.