App Registration | Receiving 403 Forbidden while getting recently uploaded App Roles

[tfjanjua]

Current Behavior

API returns 403 error forbidden while getting the roles, right after uploading the required role file..
https://portal-backend.entry.cofinity-x.com/api/apps/AppReleaseProcess/b6efcea6-d871-4f3c-a33b-0ea48a7a26ce/roles

Request Method:
GET

Status Code:
403 Forbidden

Expected Behavior

App Manager shouldnt get this 403 forbidden issue right after uploading the roles file.

Steps To Reproduce

1. Login to portal as App manager
2. Navigate to App Management ---> App Release Process → Register you App
3. Create App and proceed the next steps
4. On Technical Integration, upload the User Role file
5. Hit “Upload App roles“

Findings

App Manager is missing the role: view_client_roles from Cl2-CX-Portal required to access GET endpoint https://portal-backend.entry.cofinity-x.com/api/apps/AppReleaseProcess/{appid}/roles

@jjeroch 's comment
Recheck done, this issue is (as already assumed by @evegufy ) on the endpoint side.
view_clinet_roles is supposed to get used when it comes to actual role assignment. Since the App Manager is not supposed to assign roles to company users, the permission is not expected to be assigned.
Instead the permission of the following endpoints need to get switched

• GET /api/apps/AppChange/{appId}/roles => new permission validation edit_apps
• GET /api/apps/AppReleaseProcess/{appId}/roles => new permission validation add_apps

[tfjanjua]

Linked duplicate issue in portal-iam repo
eclipse-tractusx/portal-iam#147

cc: @typecastcloud

[evegufy]

Hi @tfjanjua thank you for taking this up, could you please check out from the release branch https://github.com/eclipse-tractusx/portal-backend/tree/release/v2.1.0-RC1 and raise pr back to it?