dotCMS
Content+Permission REST improvements
Make the permissions work on every action
I found some details using System Workflow and this endpoint PUT localhost:8080/api/v1/workflow/actions/fire:
- The endpoint only works with Publish action. This works:
{
"actionName": "publish",
"comments": "publish content",
"contentlet": {
"contentType":"MyType",
"title": "Content 1",
"identifier": "db982967e39ffaf6262f00be12679728"
},
"individualPermissions": {
"EDIT_PERMISSIONS":["02ae46fa-cb67-4ed8-82d5-f1f9a5e1d744"],
"CAN_ADD_CHILDREN": ["e37accbd-6a67-4ff4-adfe-cff423030a0b"],
"READ": ["9ad24203-ae6a-4e5e-aa10-a8c38fd11f17"],
"WRITE":["b9236d3a-41d4-4efd-a695-cb0f758cbf86"],
"PUBLISH":["d8beb217-1889-40dd-99ad-fbd3cab7c426", "d3e78673-044a-4e1e-a38a-56f48cc6d5a5", "9ad24203-ae6a-4e5e-aa10-a8c38fd11f17"]
}
}
but the other actions, like Save doesn't work:
{
"actionName": "save",
"comments": "save content",
"contentlet": {
"contentType":"MyType",
"title": "Content 1",
"identifier": "db982967e39ffaf6262f00be12679728"
},
"individualPermissions": {
"EDIT_PERMISSIONS":["02ae46fa-cb67-4ed8-82d5-f1f9a5e1d744"],
"CAN_ADD_CHILDREN": ["e37accbd-6a67-4ff4-adfe-cff423030a0b"],
"READ": ["9ad24203-ae6a-4e5e-aa10-a8c38fd11f17"],
"WRITE":["b9236d3a-41d4-4efd-a695-cb0f758cbf86"],
"PUBLISH":["d8beb217-1889-40dd-99ad-fbd3cab7c426", "d3e78673-044a-4e1e-a38a-56f48cc6d5a5", "9ad24203-ae6a-4e5e-aa10-a8c38fd11f17"]
}
}
If one permission fails to save, just write an error and continue with the rest
- If I type an invalid roleId, the response is 200 (OK) and all the permissions added after the invalid one are ignored:
{
"actionName": "publish",
"comments": "publish content",
"contentlet": {
"contentType":"MyType",
"title": "Content 1",
"identifier": "db982967e39ffaf6262f00be12679728"
},
"individualPermissions": {
"EDIT_PERMISSIONS":["02ae46fa-cb67-4ed8-82d5-f1f9a5e1d744"],
"CAN_ADD_CHILDREN": ["e37accbd-6a67-4ff4-adfe-cff423030a0b"],
"READ": ["dfgdgdfgdfg"], --> Invalid one
"WRITE":["b9236d3a-41d4-4efd-a695-cb0f758cbf86"], --> Ignored
"PUBLISH":["d8beb217-1889-40dd-99ad-fbd3cab7c426", "d3e78673-044a-4e1e-a38a-56f48cc6d5a5", "9ad24203-ae6a-4e5e-aa10-a8c38fd11f17"] --> Ignored
}
}
When passing the roles to permission, allow roles to be specified by Role Key (which for users is a userId) OR Role ID
You should be able to pass either a role's UUID or the Role Key for any role
Follow the Null, Empty Collection, Collection rule of our other dependencies
- if the
individualPermissionsis not specified (null) we should not do anything with permissions - if the
individualPermissionsis an empty map, we should wipe out all permissions - if the
individualPermissionsare specified, we replace all the permissions with the new list
Originally posted by @nollymar in https://github.com/dotCMS/core/issues/22418#issuecomment-1238640237
We need to catch the exception in case you send an incorrect id, we are getting 500 error code instead the 404
The message is ok, but the error code need some work
Failed QA - Tested on 23.05_3650a5d0_SNAPSHOT // Docker // macOS 13.0 // FF v111.0
Passing the following test
-
If I type an invalid roleId, the response is 200 (OK) and all the permissions added after the invalid one are ignored
-
if the individualPermissions is not specified (null) we should not do anything with permissions
-
if the individualPermissions is an empty map, we should wipe out all permissions
-
if the individualPermissions are specified, we replace all the permissions with the new list
For this issue we are ok with the specific scenarions, we will move the failing case to a new card in order to test the correct response codes in all the resource. #24627
Approved QA - Tested on 23.05_3650a5d0_SNAPSHOT // Docker // macOS 13.0 // FF v111.0
Failing test will be addressed in card #24627