Ticket #340 (closed enhancement: fixed)
|Reported by:||robert||Owned by:|
|MoSCoW:||Should Have||Estimated time after impact analysis:|
|Related to project:||none||Tested:||no|
Some REST calls use is_app_admin TRUE/FALSE to identify the admin, in which case the owner check is skipped when executing the REST call.
However, this variable is still missing in most of the REST calls. Its a shortcut for the application, where the application does not need to provide the owner of the object to allow a write/delete action.
Making the is_app_admin global allows this action to work on all [POST] REST calls where the is_app_admin can help to skip owner checks.