Thanks Robert for your help. On Tue, May 11, 2021, 08:51 Manoj VM <[email protected]> wrote:
> Dear Robert, > > Thank you very much for the API details. > > With this API we are able to update roles with new permissions. > Now the new endpoints are populated properly in the JWT token. > > New endpoints are working fine now. > > Thanks again. > > Thanks and Regards, > Manoj > fynarfin.io > > > On Mon, May 10, 2021 at 7:37 PM Robert Elles <[email protected]> > wrote: > >> Hi Manoj, >> >> Yes, that sounds like some progress, good! >> >> You need to send a put request with the updated administrator role >> containing your new permission group id in the permission list as payload >> to the /identity/v1/roles/administrator endpoint. See >> the RoleRestController in the identity project. >> >> Best, >> Robert Elles >> >> Head of Global Product Development >> >> Kuelap, Inc. >> +4915788460030 >> [email protected] >> www.kuelap.io >> Pappelallee 78-79, 10437 Berlin, Germany >> [image: linkedin] <https://www.linkedin.com/in/robertelles/> >> >> Kuelap GmbH - Geschäftsführer: Craig Chelius | Registergericht: >> Amtsgericht Charlottenburg (Berlin) | HBR 201125 B >> >> >> On Mon, May 10, 2021 at 12:20 PM Manoj VM <[email protected]> wrote: >> >>> Dear Robert, >>> >>> Thanks a lot for your help >>> >>> First we were trying with an existing group Id in @Permitable >>> annotation, after your suggestions we tried creating new group ids for our >>> new endpoints. >>> >>> Now, the new group Ids are populated in isis_permitable_groups table in >>> Cassandra. Yet we are not getting them in the permission list for >>> administrator(operator). Also the new end points are not present in the JWT >>> token created while logingin as administrator (operator). >>> >>> Could you please tell us how to assain these permissions to the role? >>> >>> I have a feel that we are in right direction, but still miles to go. >>> >>> Thanks, >>> Manoj >>> >>> On Mon, 10 May, 2021, 14:10 Robert Elles, <[email protected]> >>> wrote: >>> >>>> Hello Avik, >>>> >>>> the gradle task publishApiToMavenLocal if for publishing the api >>>> artefact of the current projekt to the local maven repository but does not >>>> relate to permissions. >>>> >>>> In your cassandra instance you can also check the >>>> isis_permittable_groups table. If you see your new endpoints under the >>>> permittable group id then you know that the assign application worked. In >>>> the @Permittable did you set a new group id or did you use an existing one? >>>> With a new one you also need to assign the new permission to the user's >>>> role with whom you call the endpoint. With an existing group id there >>>> might be still a bug that you can not create new endpoints under an >>>> existing permittable group id. >>>> >>>> Best regards, >>>> Robert >>>> >>>> On Sat, May 8, 2021 at 8:40 AM Avik Ganguly <[email protected]> wrote: >>>> >>>>> Hi Robert, Community, >>>>> >>>>> Description : The APIs auto register only on a completely fresh new >>>>> database. >>>>> >>>>> Thank you for the quick response on this issue. >>>>> >>>>> I suspect the issue you see is due to permissions not updated. After >>>>>> you add a new API endpoint to a micro service you need to call the assign >>>>>> application endpoint of provisioner so that the auth-system is made aware >>>>>> of the new endpoint. Your rest controller endpoints must be annotated >>>>>> with >>>>>> @Permittable with the proper parameters. >>>>> >>>>> >>>>> The end points we have created are already annotated with >>>>> @Permittable, however we tried changing the group name to test whether >>>>> the >>>>> new group name will force the permission creation, but it doesn't. >>>>> >>>>> And yes, every time we deploy a new end point, we call the >>>>> provisioner Assign api , which runs migration scripts, but doesn't add >>>>> new >>>>> permissions. >>>>> >>>>> What can we be missing out on? >>>>> >>>>> Perhaps there is a need for one more API in the initial API >>>>> collection which does permission creation, as we could see APIs in >>>>> identity >>>>> service for creating permissions. >>>>> Also we found a gradle task for publishApiToMavenLocal, but running >>>>> the task did not change anything. >>>>> >>>>> With best regards, >>>>> Avik. >>>>> >>>>> Disclaimer: >>>>> >>>>> Privileged & confidential information is contained in this message >>>>> (including all attachments). If you are not an intended recipient of this >>>>> message, please destroy this message immediately and kindly notify >>>>> the sender by reply e-mail. Any unauthorised use or dissemination of >>>>> this message in any manner whatsoever, in whole or in part, is strictly >>>>> prohibited. This e-mail, including all attachments hereto, (i) is for >>>>> discussion purposes only and shall not be deemed or construed to be a >>>>> professional opinion unless expressly stated otherwise, and (ii) is not >>>>> intended, written or sent to be used, and cannot and shall not be used, >>>>> for >>>>> any unlawful purpose. This communication, including any attachments, may >>>>> not be free of viruses, interceptions or interference, and may not be >>>>> compatible with your systems. You should carry out your own virus checks >>>>> before opening any attachment to this e-mail. The sender of this e-mail >>>>> and >>>>> *Fynarfin Tech Private Limited* shall not be liable for any damage >>>>> that you may sustain as a result of viruses, incompleteness of this >>>>> message, a delay in receipt of this message or computer problems >>>>> experienced. >>>>> >>>> >>> Disclaimer: >>> >>> Privileged & confidential information is contained in this message >>> (including all attachments). If you are not an intended recipient of this >>> message, please destroy this message immediately and kindly notify >>> the sender by reply e-mail. Any unauthorised use or dissemination of >>> this message in any manner whatsoever, in whole or in part, is strictly >>> prohibited. This e-mail, including all attachments hereto, (i) is for >>> discussion purposes only and shall not be deemed or construed to be a >>> professional opinion unless expressly stated otherwise, and (ii) is not >>> intended, written or sent to be used, and cannot and shall not be used, for >>> any unlawful purpose. This communication, including any attachments, may >>> not be free of viruses, interceptions or interference, and may not be >>> compatible with your systems. You should carry out your own virus checks >>> before opening any attachment to this e-mail. The sender of this e-mail and >>> *Fynarfin Tech Private Limited* shall not be liable for any damage that >>> you may sustain as a result of viruses, incompleteness of this message, a >>> delay in receipt of this message or computer problems experienced. >>> >> > Disclaimer: > > Privileged & confidential information is contained in this message > (including all attachments). If you are not an intended recipient of this > message, please destroy this message immediately and kindly notify > the sender by reply e-mail. Any unauthorised use or dissemination of this > message in any manner whatsoever, in whole or in part, is strictly > prohibited. This e-mail, including all attachments hereto, (i) is for > discussion purposes only and shall not be deemed or construed to be a > professional opinion unless expressly stated otherwise, and (ii) is not > intended, written or sent to be used, and cannot and shall not be used, for > any unlawful purpose. This communication, including any attachments, may > not be free of viruses, interceptions or interference, and may not be > compatible with your systems. You should carry out your own virus checks > before opening any attachment to this e-mail. The sender of this e-mail and > *Fynarfin Tech Private Limited* shall not be liable for any damage that > you may sustain as a result of viruses, incompleteness of this message, a > delay in receipt of this message or computer problems experienced. >
