Closed tfjanjua closed 1 month ago
tfjanjua
commented
1 month ago This issue https://github.com/eclipse-tractusx/portal-backend/issues/831 was created on backend repo with the assumption that this issue could be resolved from backend side but the issue needs to be resolved from the frontend side.
evegufy
commented
1 month ago @tfjanjua thank you for analysing!
In general, it would be great if you could not link to closed systems like your entry "entry" environment, such an example link is much more friendly in the open: https://portal-backend.example.org/api/services/serviceRelease/inReview?size=15&page=0&status=InReview&sorting=DateDesc
tfjanjua
commented
1 month ago Closing this issue as related PR has been merged
Current Behavior
Service Management->Admin Boardpage is not showing the Services and responding 403 Forbidden error.Expected Behavior
Service Managershould be able to see services list onAdmin Boardpage ORService Managershould not seeAdmin Boardsub-menu option underService Managementmenu if Service Manager doesn't supposed to have related permissions.Steps To Reproduce
Findings
Service Management->Admin Boardpage is calling the API: https://portal-backend.entry.cofinity-x.com/api/services/serviceRelease/inReview?size=15&page=0&status=InReview&sorting=DateDescand this API has following permissions:
but
Service Manageruser account doesn’t have such permissions, I can shareService Manageruser account’s access token and its existing list of permissions, if required.From frontend: I found that frontend is showing or hiding this Admin Board page on the basis of following roles:
So, the issue seems to be at the frontend side that
APPROVE_SERVICE_RELEASEvariable as wrong role value (activate_subscription) which needs to be corrected byapprove_service_releasevalue so, that thisAdmin Boardpage would only be visible to the users who would have same roles as API roles.