Not enough permissions to update Instance Relationships

Description

NOTE: No need to do this until the Instance relationship feature is completed in the UI (see UIIN-231).
Prerequisites
The POST /instances method works with relationships while processing the target Instance (see the Instances.updateInstanceRelationships method).
While working with Instance relationships, mod-inventory may do GET, POST, PUT and DELETE requests; however, the POST endpoint does not have module permissions for PUT and DELETE operations.

Solution
Endpoint declaration (POST) should be expanded with 2 module permissions:
"inventory-storage.instances.item.put"
"inventory-storage.instances.item.delete"
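
A missing module permission of this kind can be caught by checking the descriptor before release. The following script is an added example, not code from this issue or from mod-inventory: it compares each handler's `modulePermissions` in an Okapi-style ModuleDescriptor with the storage permissions the handler needs. The descriptor fragment, the path patterns and the `NEEDED` map are constructed; only the PUT and DELETE permission names are taken from the issue.

```python
import copy
import json

# Constructed ModuleDescriptor fragment in Okapi's handler format. Only the PUT
# and DELETE permission names come from the issue; the rest is assumed.
DESCRIPTOR = json.loads("""
{"provides": [{"id": "inventory", "version": "0.0", "handlers": [
  {"methods": ["POST"], "pathPattern": "/inventory/instances",
   "modulePermissions": ["inventory-storage.instances.item.post"]},
  {"methods": ["PUT"], "pathPattern": "/inventory/instances/{id}"}
]}]}
""")

# Assumed map of the storage permissions each endpoint needs downstream.
NEEDED = {
    ("POST", "/inventory/instances"): {
        "inventory-storage.instances.item.post",
        "inventory-storage.instances.item.put",
        "inventory-storage.instances.item.delete"},
    ("PUT", "/inventory/instances/{id}"): {"inventory-storage.instances.item.put"},
}

def handlers(descriptor):
    """Yield every handler object declared under 'provides'."""
    for interface in descriptor.get("provides", []):
        yield from interface.get("handlers", [])

def missing_module_permissions(descriptor, needed):
    """Map (method, pathPattern) to the sorted permissions the handler lacks."""
    gaps = {}
    for handler in handlers(descriptor):
        granted = set(handler.get("modulePermissions", []))  # key may be absent
        for method in handler.get("methods", []):
            key = (method, handler.get("pathPattern"))
            lacking = needed.get(key, set()) - granted
            if lacking:
                gaps[key] = sorted(lacking)
    return gaps

def with_permissions_added(descriptor, gaps):
    """Return a patched copy; the input descriptor is left unchanged."""
    patched = copy.deepcopy(descriptor)
    for handler in handlers(patched):
        for method in handler.get("methods", []):
            extra = gaps.get((method, handler.get("pathPattern")), [])
            if extra:
                perms = handler.setdefault("modulePermissions", [])
                perms.extend(p for p in extra if p not in perms)
    return patched
```

Granting only the permissions listed in `NEEDED` per handler keeps the endpoint at the minimum set it requires, rather than widening the user-facing permission set to compensate.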

Activity

Bohdan Suprun, January 28, 2020 at 12:30 PM

Hi ,

Due to the lack of response, I'm closing the issue as cannot reproduce.

If the issue is still reproducible please raise/reopen a bug and provide steps how to reproduce it.

CC: , .

Thanks,
Bohdan

Bohdan Suprun, January 27, 2020 at 4:34 PM

Hi , ,

Why do we need to update/remove relationships in the POST instance endpoint? My understanding is that when we create an instance, the instance relationships should not exist, so there is no need to update/remove them but only to create them, unless you're running a special case, e.g. upsert.

Could you please provide some steps to reproduce?

Thanks,
Bohdan

Marc Johnson, January 10, 2020 at 3:04 PM

I think this is either a P2 or a P3.

When I went through the backend bugs assigned to the Core Functional team recently, I concluded this was a P3.

This was based upon

The product or application doesn’t meet certain criteria or still exhibits some unnatural behavior while affecting one isolated piece of functionality.

The unmet criteria is that the inventory API should be accessible to users with the minimum amount of permissions for that API.

An issue is self-contained and has an acceptable & easily reproducible workaround.

The missing permissions can be added to the UI defined permission set. I don't know if this workaround has already been applied.

Cate Boerema, January 10, 2020 at 2:37 PM

can you please assign the appropriate priority to this? I am not sure how to assess it.

Charlotte Whitt, January 5, 2020 at 6:38 PM

Hi - I just noticed that you changed this to a P2.
Please note that the UI work is not yet done, and the work has not been prioritized for cap-MVP.
We can maybe talk next week about this, if you think this should be re-prioritized/changed somehow.

Cannot Reproduce

Details

Development Team

Prokopovych

Created June 9, 2019 at 10:24 AM
Updated January 28, 2020 at 12:42 PM
Resolved January 28, 2020 at 12:31 PM