wso2 / product-apim

Welcome to the WSO2 API Manager source code! For info on working with the WSO2 API Manager repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

Cannot change ownership of applications to users with custom subscriber roles #10640

Closed dushaniw closed 3 years ago

dushaniw commented 3 years ago

Description:

Cannot change ownership of applications to a user who has a custom role mapped to the internal/subscriber role. If we create another user and directly assign the "internal/subscriber" role, we can change ownership to him.

Steps to reproduce:

  1. Create "user1"
  2. Create "role1"
  3. Map scopes of internal/subscriber to role1 from Admin portal.
  4. Create "user2" and assign internal/subscriber role.
  5. Log into Devportal as user2
  6. Create App1
  7. Log into same tenant admin portal as an admin
  8. Go to the Applications menu and search for "App1" and change ownership from user1 to user2

Affected Product Version:

API-M 4.0.0 Alpha

wasuradananjith commented 3 years ago

I followed the below steps.

  1. Create "user1"
  2. Create "role1" and assign it to "user1"
  3. Map scopes of internal/subscriber to role1 from Admin portal.
  4. Create "user2" and assign Internal/subscriber role.
  5. Log into Devportal as user2
  6. Create App2
  7. Log into Devportal as user1. You will be unable to login.
  8. Restart the server.
  9. Now log in to Devportal again as user1. You will be able to log in successfully.
  10. Create App1
  11. Log into the same tenant admin portal as an admin
  12. Go to the Applications menu and search for "App1" and change ownership from user1 to user2. It will be successful.
  13. Go to the Applications menu and search for "App2" and change ownership from user2 to user1. It will be successful.

The problem here was that the changes in the tenant-conf.json had not been reflected. After the restart, the changes must have been reflected. So the issue that should be fixed is updating the tenant-conf.json on the fly, without restarting the server.

wasuradananjith commented 3 years ago

Adding to the above, according to [1],

> If you get a "Error while updating ownership to " error (e.g., Error while updating ownership to Kim) in the Admin Portal, make sure to request that specific user (e.g., Kim) to sign in to the WSO2 Developer Portal, because users are not added as subscribers until they sign in to the Developer Portal at least once.

So the error that was observed here is expected. This confirms that the only thing that should be fixed is the 7th step: "Log into Devportal as user1. You will be unable to login."

[1] https://apim.docs.wso2.com/en/latest/learn/consume-api/manage-application/advanced-topics/changing-the-owner-of-an-application/#changing-the-owner-of-an-application

malinthaprasan commented 3 years ago

Will be taken after beta release.