App Registration | Upload App Roles | 403 Forbidden | App manager is unable to register an App #147

Closed
typecastcloud opened this issue Jul 3, 2024 · 6 comments

typecastcloud commented Jul 3, 2024

Current Behavior

The API returns a 403 Forbidden error while uploading the required file.
https://portal-backend.entry.cofinity-x.com/api/apps/AppReleaseProcess/b6efcea6-d871-4f3c-a33b-0ea48a7a26ce/roles

Request Method: GET

Status Code: 403 Forbidden

Expected Behavior

App Manager can upload App Roles document.

Steps To Reproduce

  1. Log in to the portal as App Manager
  2. Navigate to App Management → App Release Process → Register your App
  3. Create the App and proceed with the next steps
  4. On Technical Integration, upload the User Role file
  5. Hit “Upload App roles”

Finding

App Manager is missing the role: view_client_roles from Cl2-CX-Portal required to access GET endpoint https://portal-backend.entry.cofinity-x.com/api/apps/AppReleaseProcess/{appid}/roles

@typecastcloud typecastcloud added the bug label Jul 3, 2024
evegufy commented Jul 3, 2024

Hi @typecastcloud thanks for reporting, I can reproduce the issue and yes, adding the role view_client_roles to App Manager would solve it.

The endpoint was introduced with our latest version (2.0.0):
https://github.com/eclipse-tractusx/portal-backend/pull/633/files#diff-01c4a6a7c5ebe2470acb750a3f512fe7694120e9285046443a9a916db3de244eR508

But the R&R concept doesn't cover it.

@jjeroch was adding view_client_roles to App Manager in the cx-central realm simply missed, or is the authorization on the endpoint not correct?

@evegufy evegufy self-assigned this Jul 3, 2024
@evegufy evegufy added this to Portal Jul 3, 2024
@github-project-automation github-project-automation bot moved this to NEW USER REQUEST in Portal Jul 3, 2024
jjeroch commented Jul 6, 2024

Recheck done, this issue is (as already assumed by @evegufy) on the endpoint side.
view_client_roles is supposed to get used when it comes to actual role assignment. Since the App Manager is not supposed to assign roles to company users, the permission is not expected to be assigned.
Instead, the permissions of the following endpoints need to be switched:

  • GET /api/apps/AppChange/{appId}/roles => new permission validation edit_apps
  • GET /api/apps/AppReleaseProcess/{appId}/roles => new permission validation add_apps

@jjeroch jjeroch moved this from NEW USER REQUEST to BACKLOG in Portal Jul 6, 2024
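
Added example (not code from the portal or from the commenters): a Python model of the two options discussed above, evaluated against a constructed Keycloak-style access token whose client roles sit under `resource_access`. The App Manager's permission list, the AppChange "before" value, the assumption that the backend reads permissions from that claim, and the `<role-assignment endpoint>` placeholder are assumptions, not taken from the project.

```python
CLIENT_ID = "Cl2-CX-Portal"  # Keycloak client named in the issue

# Constructed access-token payload for an App Manager. The permission list is
# an assumption: the thread implies add_apps/edit_apps but does not list them.
APP_MANAGER_TOKEN = {
    "preferred_username": "app.manager@example.org",
    "resource_access": {CLIENT_ID: {"roles": ["add_apps", "edit_apps"]}},
}

ROLES_RELEASE = "GET /api/apps/AppReleaseProcess/{appId}/roles"
ROLES_CHANGE = "GET /api/apps/AppChange/{appId}/roles"
ASSIGN = "<role-assignment endpoint>"  # placeholder, not a real portal route

# Permission each endpoint demands. BEFORE for AppChange is assumed to match
# the AppReleaseProcess finding; AFTER is the switch proposed in the thread.
BEFORE = {ROLES_RELEASE: "view_client_roles", ROLES_CHANGE: "view_client_roles",
          ASSIGN: "view_client_roles"}
AFTER = {ROLES_RELEASE: "add_apps", ROLES_CHANGE: "edit_apps",
         ASSIGN: "view_client_roles"}


def client_roles(token, client_id=CLIENT_ID):
    """Return the client roles in a decoded token; empty set if the claim is absent."""
    return set(token.get("resource_access", {}).get(client_id, {}).get("roles", []))


def authorize(token, endpoint, policy):
    """Return 200 if the token holds the required permission, else 403.
    Endpoints missing from the policy are denied by default."""
    required = policy.get(endpoint)
    return 200 if required is not None and required in client_roles(token) else 403


def audit(token, policy):
    """Map every endpoint in the policy to the status this token would receive."""
    return {ep: authorize(token, ep, policy) for ep in policy}


def with_extra_role(token, role, client_id=CLIENT_ID):
    """Copy of the token with one more client role (the 'just grant it' option)."""
    roles = sorted(client_roles(token, client_id) | {role})
    access = {**token.get("resource_access", {}), client_id: {"roles": roles}}
    return {**token, "resource_access": access}


if __name__ == "__main__":
    print("before:", audit(APP_MANAGER_TOKEN, BEFORE))
    print("after: ", audit(APP_MANAGER_TOKEN, AFTER))
    granted = with_extra_role(APP_MANAGER_TOKEN, "view_client_roles")
    print("grant: ", audit(granted, BEFORE))
```

Switching the endpoint checks unblocks both role-listing calls while the role-assignment placeholder stays at 403; granting `view_client_roles` instead also opens that placeholder, which is the privilege the App Manager is not meant to hold.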
typecastcloud commented Jul 8, 2024

> Recheck done, this issue is (as already assumed by @evegufy) on the endpoint side. view_client_roles is supposed to get used when it comes to actual role assignment. Since the App Manager is not supposed to assign roles to company users, the permission is not expected to be assigned. Instead, the permissions of the following endpoints need to be switched:
>
> * GET /api/apps/AppChange/{appId}/roles => new permission validation `edit_apps`
> * GET /api/apps/AppReleaseProcess/{appId}/roles => new permission validation `add_apps`

Thanks for the review!

@evegufy @jjeroch
Should I create an issue in portal-backend for this or is that already in work?


evegufy commented Jul 10, 2024

@tfjanjua and @typecastcloud thanks for opening the issue in the portal backend, I think this one can be closed then.

@typecastcloud

New issue in portal-backend eclipse-tractusx/portal-backend#826

@github-project-automation github-project-automation bot moved this from BACKLOG to USER READY in Portal Jul 10, 2024
@typecastcloud typecastcloud closed this as not planned Jul 10, 2024