Open vbabuEM opened 5 months ago
Pasted from Issue 167 while closing it as duplicate
When we install Registry using Beckn-ONIX, the role-permission installed by default allows any user to sign up and be able to edit any other user's records. This looks very dangerous as the default behavior.
Solution
1. Brainstorm with Spec/Product manager over the ideal role permission to be set as default for the registry.
2. The default role-permission installed should be those that are decided by item 1 above.
To establish clarity and work with Venkatesh.
I tried using the API https://registry-ueip2p.becknprotocol.io/role_permissions/importxls to update the RolePermission.xlsx file, but encountered the following error message:
{
"error" : "Action is only available from UI"
,"message" : ""
,"status" : "FAILED"
}
I am following up with Venky to see if we can enable this API.
I connected with Venky and debugged the issue, but we are still not able to upload the role permission. Below is the updated curl command:
curl -L -v -H 'ApiKey:$apiKey' -F datafile=@RolePermission.xlsx "https://registry-ueip2p.becknprotocol.io/role_permissions/importxls"
Venky is looking into it.
We need to set up a new registry without docker and test it. We will pick this in the current iteration.
We have set up the new registry as suggested by Venky and tested the curl command, but RolePermissions are still not getting updated.
Venky is looking into it.
Created a new shell script to update the role permission. Also, created the new docker image with the latest code changes for the registry. Will do the end-to-end testing of this.
We have made the required changes in the beckn-onix script. PR: https://github.com/beckn/beckn-onix/pull/270
Problem: The registry that Beckn-ONIX installs allows new users to modify all data in the system. This is not ideal for production systems. I checked with Venky Mahadevan. Apparently there are a bunch of Role Permissions that need to be created for it to work like the current BOC Registry.
Workaround: I have attached to this mail the exported data from BOC. For any registry already installed, this file has to be imported from the Role Permissions page.
Solution: As part of Registry installation, we have to import these Role permissions (it might be a good idea to check them first). The overall outcome is that the Registry installed through Beckn ONIX should have a secure policy which does not allow a user to edit others' records.
RolePermission.xlsx
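The install-time import step this thread asks for, written as an added example (it is not the script from the linked PR): it uploads the file to the `importxls` endpoint quoted above and fails closed when the registry answers with the `"status" : "FAILED"` body shown earlier, so an installer cannot silently continue with the permissive defaults. The names `REGISTRY_URL`, `API_KEY` and the three functions are hypothetical, and treating a 2xx response without a `FAILED` status as success is an assumption, since the page shows no successful response.

```shell
#!/bin/sh
# Added example. REGISTRY_URL and API_KEY are assumed environment variables.

# Print the value of the "status" field from a response body like the
# one quoted in the thread (works on single-line or multi-line JSON).
response_status() {
  printf '%s\n' "$1" |
    sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' |
    head -n 1
}

# Succeed only for a 2xx HTTP code with a non-empty body whose status is
# not FAILED (assumption: the page does not show a success response).
import_ok() {
  case "$1" in
    2??) ;;
    *) return 1 ;;
  esac
  [ -n "$2" ] || return 1
  [ "$(response_status "$2")" != "FAILED" ]
}

# Upload the role-permission sheet and stop the install if it was rejected.
import_role_permissions() {
  rp_file="$1"
  rp_tmp="$(mktemp)" || return 1
  # Double quotes so the shell expands the key; inside single quotes the
  # literal text $API_KEY would be sent as the header value.
  rp_code="$(curl -sS -L -o "$rp_tmp" -w '%{http_code}' \
    -H "ApiKey:${API_KEY}" -F "datafile=@${rp_file}" \
    "${REGISTRY_URL}/role_permissions/importxls")" || rp_code=000
  rp_body="$(cat "$rp_tmp")"
  rm -f "$rp_tmp"
  if import_ok "$rp_code" "$rp_body"; then
    echo "role permissions imported (HTTP $rp_code)"
  else
    echo "role permission import failed (HTTP $rp_code): $rp_body" >&2
    return 1
  fi
}

# Runs only when invoked as: script.sh --run RolePermission.xlsx
if [ "${1:-}" = "--run" ]; then
  import_role_permissions "$2" || exit 1
fi
```

An installer that calls `import_role_permissions` should abort on a non-zero return rather than leave the registry running with the default role permissions.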