wso2 / api-manager

All issues, tasks, improvements and new features of WSO2 API Manager
Apache License 2.0
34 stars 8 forks source link

Devportal visibility restriction by roles not working #3152

Closed PasanT9 closed 4 weeks ago

PasanT9 commented 1 month ago

Description

APIs are visible even after the visiblity is restricted by roles.

Steps to Reproduce

  1. Log into carbon console and create a new user.
  2. Add creator, publisher and subscriber roles.
  3. Log into publisher portal using the Admin user and create a new API.
  4. Go to Basic Info. Set Devportal visibility to Restrcited by Role(s).
  5. Now add admin as the role.
  6. Save and publish the API.
  7. Now log into Developer portal with the user created at step 1.

Affected Component

APIM

Version

4.4.0-alpha

Environment Details (with versions)

No response

Relevant Log Output

No response

Related Issues

No response

Suggested Labels

No response

Avishka-Shamendra commented 4 weeks ago

PR https://github.com/wso2/carbon-apimgt/pull/12619

Avishka-Shamendra commented 4 weeks ago

Hi all,

We have discussed this internally and this is the expected behaviour. Though for an API devportal visibility is restricted (ex: "admin" role), if the user has "internal/publisher" role the API will be visible to them on the devportal. This is done in this manner so that publishers can see the same set of APIs on publisher as well as the devportal.

Hence will be closing the PR.

Thank you Avishka