rmsamitha
commented
3 years ago Issue is not reproduced in 4.0.0-beta pack.
Closed ruwiniwj closed 3 years ago
rmsamitha
commented
3 years ago Issue is not reproduced in 4.0.0-beta pack.
rmsamitha
commented
3 years ago This is also not reproducible in the distributed setup when tested with newly created roles, users and an API. The issue @ruwiniwj has encountered in the distributed setup is only an indexing issue. Eventhough the "A_RUW_SUB2" user or any other use who doesn't have "a_ruw_sub" role, can see the "a_ruw" API in the listing, he cannot go into that API. Below page is displayed once clicked the API.
So visibility in the store features is preserved corresponding to the "restricted by roles" aspect. So this could be an indexing issue and closing since cannot be reproduced with new roles/apis/users.
Description:
When store visibility is configured for an API, the API doesn't get listed in the public/anonymous view but is listed for both allowed and restricted users.
Steps to reproduce:
Create 2 user
a_ruw_subanda_ruw_sub2and create and assign rolesa_ruw_subanda_ruw_sub2to them respectively.Add scope mappings to
internal/subscriberfor both rolesCreate and publish an API
Set store visibility to
a_ruw_suband deploy a new revision.Open the devportal in anonymous view, the API will not be listed
Login as either
a_ruw_subanda_ruw_sub2and the API will be listed for both.Note: This behaviour was observed in super tenant users.
Affected Product Version:
Environment details (with versions):
Optional Fields
Related Issues:
Suggested Labels:
Suggested Assignees: