Securing APIs by default

Description

Per https://folio-org.atlassian.net/browse/OKAPI-767#icft=OKAPI-767, all public APIs should be protected by default. That means field permissionsRequired is required when defining non-system APIs in the handlers section of module descriptor. If there is a strong technical reason that an API cannot be protected, for example, /authn/login, use *"permissionsRequired" : [ ]* to make it explicit. Note it is OK to use *"permissionsRequired": [ ]* for two APIs //ramls and //jsonSchemas provided by RMB.

Please fix following APIs in this module

"/_/jsonSchemas"

Environment

None

Potential Workaround

None

Linked issues

relates to

OKAPI-767

permissionsRequired required (securing APIs by default)

FOLIO-2567

Create following up module tickets after securing API by default

Checklist

hide

TestRail: Results

Activity

Show:

Done

Details

Assignee

Hongwei Ji

Reporter

Hongwei Ji

Labels

platform-backlog

Priority

TBD

Story Points

0.5

Sprint

None

Development Team

Core: Platform

Fix versions

3.0.0

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs

Created April 24, 2020 at 11:32 PM

Updated June 12, 2020 at 2:09 PM

Resolved June 4, 2020 at 2:57 PM

Configure

TestRail: Cases

TestRail: Runs

mod-finance

Securing APIs by default

Description

Environment

Potential Workaround

Linked issues

relates to

Checklist

TestRail: Results

Activity

Details

Assignee

Reporter

Labels

Priority

Story Points

Sprint

Development Team

Fix versions

TestRail: Cases

TestRail: Runs

Flag notifications

Something's gone wrong