No feedback when attempting to create a duplicate permissionSet using the tenant interface

Description

When a permissionSet is defined in a module descriptor and the module is enabled for a tenant, the permissionSet is created in storage for that tenant. If another module defines a permissionSet with the same permissionName and enabled for the tenant, the second permissionSet is not loaded, and there is no feedback from mod-permissions or Okapi.

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None

Attachments

Linked issues

relates to

STRIPES-435

Modify Names of Logical Permissions

Checklist

hide

TestRail: Results

Activity

Show:

Jakub Skoczen June 12, 2020 at 11:01 AM

Closing as outdated. Re-open if needed.

Wayne Schneider August 16, 2017 at 4:35 PM

To replicate using the folio/testing-backend Vagrant box:
POST a toy module descriptor to http://localhost:9130/_/proxy/modules:

{
  "id":"myPermsTest1",
  "name":"Testing permissions loading #1",
  "permissionSets":[
    {
      "permissionName":"myPermsTest",
      "subPermissions":[
        "module.items.enabled",
        "module.users.enabled"
      ]
    }
  ]
}

Enable the module myPermsTest1 for the sample tenant diku
Login as diku_admin/admin
GET the permission: http://localhost:9130/perms/permissions?query=permissionName%3D%3DmyPermsTest

{
    "permissions": [
        {
            "permissionName": "myPermsTest",
            "id": "6543f5f4-7ad7-40f4-bea6-32da53c22b49",
            "tags": [],
            "subPermissions": [
                "module.items.enabled",
                "module.users.enabled"
            ],
            "mutable": false,
            "visible": false
        }
    ],
    "totalRecords": 1
}

POST another toy MD:

{
  "id":"myPermsTest2",
  "name":"Testing permissions loading #2",
  "permissionSets":[
    {
      "permissionName":"myPermsTest",
      "subPermissions":[
        "module.trivial.enabled",
        "module.checkin.enabled"
      ]
    }
  ]
}

Enable myPermsTest2 for the diku tenant (returns 201 Created)
Okapi log:

2017-08-16 16:08:14,954 INFO  ProxyService         No tenantId, defaulting to okapi.supertenant
2017-08-16 16:08:14,954 INFO  ProxyContext         429863/_ REQ 10.0.2.2:51476 okapi.supertenant POST /_/proxy/tenants/diku/modules okapi-1.9.0
2017-08-16 16:08:14,958 INFO  OkapiClient          429863/_;070138/tenant REQ okapiClient diku POST http://10.0.2.15:9132/_/tenantpermissions
2017-08-16 16:08:14,993 INFO  OkapiClient          429863/_;070138/tenant RES 201 0us okapiClient http://10.0.2.15:9132/_/tenantpermissions
2017-08-16 16:08:15,000 INFO  ProxyContext         429863/_ RES 201 okapi-1.9.0 /_/proxy/tenants/diku/modules

mod-permissions log:

[Wed Aug 16 16:08:14 UTC 2017] org.folio.rest.tools.utils.LogUtil INFO org.folio.rest.RestVerticle start  invoking postTenantpermissions 
[Wed Aug 16 16:08:15 UTC 2017] org.folio.rest.tools.utils.LogUtil INFO 10.0.2.15:49518 POST /_/tenantpermissions null HTTP_1_1 201 172 40 tid=diku Created

When you query the permissions interface, you still get the permissions from myPermsTest1

Won't Do

Details

Assignee

Kurt Nordstrom

Reporter

Wayne Schneider

Labels

back-end

Priority

Development Team

Core: Platform

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs

Created August 16, 2017 at 3:03 PM

Updated June 12, 2020 at 11:01 AM

Resolved June 12, 2020 at 11:01 AM

Configure

TestRail: Cases

TestRail: Runs