Securing APIs by default

Description

Per , all public APIs should be protected by default. That means the field permissionsRequired is required when defining non-system APIs in the handlers section of the module descriptor. If there is a strong technical reason that an API cannot be protected, for example, /authn/login, use *"permissionsRequired" : [ ]* to make it explicit. Note it is OK to use *"permissionsRequired": [ ]* for the two APIs //ramls and //jsonSchemas provided by RMB.

Please fix the following APIs in this module

Environment

None

Potential Workaround

None
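
The rule in the description can be checked mechanically. The following is an added example, not part of the original issue or the project's code: it walks a module descriptor and reports handlers of non-system interfaces that lack permissionsRequired, listing explicit `[]` opt-outs separately. The sample descriptor is constructed, and treating an interface as "system" when its id starts with `_` or its interfaceType is "system" is an assumption.

```python
import json

# Constructed sample descriptor (not from the issue), using the layout the
# description refers to: "provides" -> interface -> "handlers".
SAMPLE_DESCRIPTOR = json.loads("""
{
  "id": "mod-example-1.0.0",
  "provides": [
    {"id": "items", "version": "1.0", "handlers": [
      {"methods": ["GET"], "pathPattern": "/items",
       "permissionsRequired": ["items.collection.get"]},
      {"methods": ["POST"], "pathPattern": "/items"},
      {"methods": ["GET"], "pathPattern": "/items/{id}",
       "permissionsRequired": "items.item.get"},
      {"methods": ["POST"], "pathPattern": "/authn/login", "permissionsRequired": []}
    ]},
    {"id": "_tenant", "version": "1.2", "interfaceType": "system", "handlers": [
      {"methods": ["POST"], "pathPattern": "/_/tenant"}
    ]}
  ]
}
""")

def is_system(interface):
    # Assumption: system interfaces carry interfaceType "system" or an id starting with "_".
    return (interface.get("interfaceType") == "system"
            or str(interface.get("id", "")).startswith("_"))

def audit(descriptor):
    """Return (missing, explicit_open): handlers with no valid
    permissionsRequired list, and handlers that opt out with []."""
    missing, explicit_open = [], []
    for interface in descriptor.get("provides", []):
        if is_system(interface):
            continue
        for handler in interface.get("handlers", []):
            label = "{} {}".format(",".join(handler.get("methods", ["*"])),
                                   handler.get("pathPattern") or handler.get("path"))
            perms = handler.get("permissionsRequired")
            if not isinstance(perms, list):
                missing.append(label)        # absent, null, or wrong type
            elif not perms:
                explicit_open.append(label)  # deliberate opt-out: review the reason
    return missing, explicit_open

if __name__ == "__main__":
    missing, explicit_open = audit(SAMPLE_DESCRIPTOR)
    print("missing permissionsRequired:", missing)
    print("explicitly open (review reason):", explicit_open)
    raise SystemExit(1 if missing else 0)
```

The non-zero exit status on any missing field lets the check fail a build, while the explicit `[]` entries are only listed for review.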

Activity

Marc Johnson April 29, 2020 at 3:59 PM

Thanks

Oleksii Kuzminov April 29, 2020 at 8:01 AM

We will deal with it

Ann-Marie Breaux April 28, 2020 at 4:35 PM

Hi your call - what do you think?

Marc Johnson April 28, 2020 at 4:29 PM

As the json schemas endpoint is something that you added to mod-inventory-storage, could this be picked up by FoliJet?

Done

Details

Development Team

Folijet

Created April 24, 2020 at 11:34 PM
Updated June 4, 2020 at 6:48 AM
Resolved May 14, 2020 at 4:55 PM