Drupal Apigee API Product RBAC not filtering API Products based on Roles #1098
Assignees
Labels
bug
Something isn't working
Comments
|
Hi @urbanenomad |
|
Is there any updates on this? |
|
Hey so I think I figured out the issue at the following lines. the line should read like the following. $result = AccessResult::forbidden("{$operation} is not allowed on {$entity->label()} API product."); Same for this line. $result = AccessResult::forbidden("{$operation} is not allowed on {$entity->label()} API product."); This resulted with the correct output on the App Create page. |
|
Hi @urbanenomad |
urbanenomad
added a commit
to urbanenomad/apigee-edge-drupal
that referenced
this issue
Dec 12, 2024
Changed from neutral to forbidden so that API Products do not show up on the assign operation or Create App when using the RBAC service to control access to API Products. This is to solve issue apigee#1098
This was referenced Dec 12, 2024
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
A clear and concise description of what the bug is.
Apigee Info
We have both apigee hybrid and apigee-x instances that we want to support
Steps to Reproduce
Steps to reproduce the behavior:
Enable apigee API product RBAC
Configured Custom Attribute on some test apigee products
Actual Behavior
Non-admin account that was set to one of the attirbute roles still shows all products even more than if we did just products by visiblity. It now shows all the products.
We also did not enable "Bypass API product access control" nor did we enable "Show API products with missing or empty attribute to everyone"
Expected Behavior
We would have hoped to see when a developer trys to create an App they only see the API products that have their role in the custom attribute
Notes
Add any other context about the problem here.
Version Info
Drupal 10.3.6
Modules:
Apigee: 3.0.10
Apigee API Catalog 3.0.8
The text was updated successfully, but these errors were encountered: