Skip to:

Skip to Jira Navigation
Skip to Side Navigation
Skip to Main Content

Securing APIs by default

RCA Group

None

Description

Per , all public APIs should be protected by default. That means field permissionsRequired is required when defining non-system APIs in the handlers section of module descriptor. If there is a strong technical reason that an API cannot be protected, for example, /authn/login, use *"permissionsRequired" : [ ]* to make it explicit. Note it is OK to use *"permissionsRequired": [ ]* for two APIs //ramls and //jsonSchemas provided by RMB.

Please fix following APIs in this module

Create task for UI

Environment

None

Potential Workaround

None

Linked issues

defines

NFR: Data Import (Batch Importer for Bib Acq) & PubSub Q2 2020 Technical, NFR, & Misc bug work

relates to

permissionsRequired required (securing APIs by default)

Create following up module tickets after securing API by default

Checklist

hide

TestRail: Results

Activity

Show:

Done

Details

Assignee

Ruslan Lavrov

Reporter

Hongwei Ji

Labels

data-importepam-folijet

Priority

P2

Story Points

0.5

Sprint

None

Development Team

Folijet

Parent

UXPROD-47 Batch Importer (Bib/Acq)

Fix versions

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs

Created April 24, 2020 at 11:42 PM

Updated June 11, 2020 at 7:11 PM

Resolved May 14, 2020 at 4:55 PM

TestRail: Cases

TestRail: Runs