Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permissions error on delete unused data classes and unused data types endpoints on data model #272

Closed
joe-crawford opened this issue Feb 21, 2022 · 2 comments · Fixed by #294
Closed

Permissions error on delete unused data classes and unused data types endpoints on data model #272

joe-crawford opened this issue Feb 21, 2022 · 2 comments · Fixed by #294
Assignees
@joe-crawford
Labels
bug Something isn't working
Milestone
5.1.0

Comments

@joe-crawford
Copy link
Contributor

Description

The PUT /dataModels/{{data_model_id}}/dataClasses/clean and {{base_url}}/dataModels/{{data_model_id}}/dataTypes/clean endpoints give a 403 Forbidden error when called.

Steps to reproduce

  1. Logged in as an admin user, create a new data model with default data types containing only an empty data class.
  2. Call the PUT /dataModels/{{data_model_id}}/dataClasses/clean and {{base_url}}/dataModels/{{data_model_id}}/dataTypes/clean as the admin user.
  3. A 403 error is returned, e.g.:
{
    "path": "/api/dataModels/0244b8d9-b3e3-49c2-81a4-63c0bd5149c2/dataClasses/clean",
    "additional": "User does not have the necessary permissions"
}

Expected behavior

Unused data types or data classes should be deleted from the data model when called by a user with appropriate permissions.

Environment

  • mdm-core latest develop

Additional context

When logged in as admin user, access to the endpoints is prevented at TieredAccessSecurableResourceInterceptor.groovy, line 81.
@joe-crawford joe-crawford added the bug Something isn't working label Feb 21, 2022
@joe-crawford
Copy link
Contributor Author

Comment from @olliefreeman: URL mappings for these endpoints could probably be removed.

@olliefreeman
Copy link
Contributor

basically we added these for MDC for james and I to use to clean up some DMs, they were never intended for public consumption and we never really used them. So yes, lets delete the endpoints and the controller methods

@jamesrwelch jamesrwelch moved this to Backlog in MDM State Mar 7, 2022
@joe-crawford joe-crawford self-assigned this Mar 11, 2022
@joe-crawford joe-crawford mentioned this issue Mar 15, 2022
Open
joe-crawford added a commit that referenced this issue Mar 16, 2022
@joe-crawford
gh-272 Remove unused clean datatypes/dataclasses endpoints
7230fd4 
- Delete dataTypes/clean and dataClasses/clean endpoints and controllers from datamodel plugin (resolves gh-272 error due to permissions)
- Delete dataTypes/clean endpoint and controller from referencedata plugin (endpoint gave error due to mapping issue)
@joe-crawford joe-crawford mentioned this issue Mar 16, 2022
Merged
Repository owner moved this from Backlog to Merged to Develop / Waiting to release in MDM State Mar 17, 2022
@olliefreeman olliefreeman added this to the 5.1.0 milestone Mar 17, 2022
@joe-crawford joe-crawford moved this from Merged to Develop / Waiting to release to Released in MDM State Apr 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@joe-crawford joe-crawford

Labels
bug Something isn't working
Projects
MDM State
Status: Released
Milestone
5.1.0
Development

Successfully merging a pull request may close this issue.

Clean up unused endpoints MauroDataMapper/mdm-core
2 participants
@olliefreeman @joe-crawford