Open typecastcloud opened 2 days ago
Hi @typecastcloud thanks for reporting, I can reproduce the issue and yes, adding the role view_client_roles to App Manager would solve it.
The endpoint was introduced with our latest version (2.0.0): https://github.com/eclipse-tractusx/portal-backend/pull/633/files#diff-01c4a6a7c5ebe2470acb750a3f512fe7694120e9285046443a9a916db3de244eR508
But the R&R concept doesn't cover it.
@jjeroch was adding view_client_roles to App Manager in the cx-central realm simply missed, or is the authorization on the endpoint not correct?
Recheck done, this issue is (as already assumed by @evegufy) on the endpoint side. view_client_roles is supposed to be used when it comes to actual role assignment. Since the App Manager is not supposed to assign roles to company users, the permission is not expected to be assigned. Instead, the permission of the following endpoints needs to be switched:
edit_apps
add_apps
Current Behavior
API returns a 403 Forbidden error while uploading the required file. https://portal-backend.entry.cofinity-x.com/api/apps/AppReleaseProcess/b6efcea6-d871-4f3c-a33b-0ea48a7a26ce/roles
Request Method: GET
Status Code: 403 Forbidden
Expected Behavior
App Manager can upload App Roles document.
Steps To Reproduce
Finding
App Manager is missing the role: view_client_roles from Cl2-CX-Portal required to access GET endpoint https://portal-backend.entry.cofinity-x.com/api/apps/AppReleaseProcess/{appid}/roles
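The two fixes discussed in this thread, compared as an added example (not portal-backend code and not written by any participant): it checks which endpoints answer 403 for App Manager and what each fix makes reachable. Assumptions: the permission tables, the any-of gate semantics, and the `ASSIGN_EP` role-assignment route are constructed for illustration; only the permission names and the roles endpoint path come from the issue.

```python
# Added example: permission names and the roles endpoint path come from the
# issue; the second endpoint and both tables are constructed for illustration.
ROLES_EP = "GET /api/apps/AppReleaseProcess/{appId}/roles"
ASSIGN_EP = "PUT /hypothetical/user/{id}/roles"  # hypothetical role-assignment route

ENDPOINT_PERMS = {  # endpoint -> permissions, any one of which grants access (assumed)
    ROLES_EP: {"view_client_roles"},
    ASSIGN_EP: {"view_client_roles"},
}
ROLE_PERMS = {"App Manager": {"add_apps", "edit_apps"}}  # assumed role content
JOURNEYS = {"App Manager": [ROLES_EP]}  # endpoints the role's UI flow must call


def status(held, required_any):
    """HTTP status an any-of permission gate returns for an authenticated caller."""
    return 200 if held & required_any else 403


def gaps(endpoint_perms, role_perms, journeys):
    """Endpoints a role's journey needs but that answer 403 for it."""
    return [(role, ep) for role, eps in journeys.items() for ep in eps
            if status(role_perms[role], endpoint_perms[ep]) == 403]


def reachable(endpoint_perms, held):
    """Every endpoint the permission set passes, needed by the journey or not."""
    return {ep for ep, req in endpoint_perms.items() if status(held, req) == 200}


def fix_by_grant(role_perms, role, perm):
    """Option 1: add the permission to the role."""
    return {**role_perms, role: role_perms[role] | {perm}}


def fix_by_endpoint(endpoint_perms, ep, perms):
    """Option 2: change what the endpoint requires."""
    return {**endpoint_perms, ep: set(perms)}


if __name__ == "__main__":
    print("before:", gaps(ENDPOINT_PERMS, ROLE_PERMS, JOURNEYS))
    granted = fix_by_grant(ROLE_PERMS, "App Manager", "view_client_roles")
    print("grant:", sorted(reachable(ENDPOINT_PERMS, granted["App Manager"])))
    switched = fix_by_endpoint(ENDPOINT_PERMS, ROLES_EP, {"edit_apps", "add_apps"})
    print("switch:", sorted(reachable(switched, ROLE_PERMS["App Manager"])))
```

Both options clear the 403, but granting the permission also opens every other route gated by `view_client_roles`, while switching the endpoint's requirement leaves the role's permission set unchanged.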