Users with creator/publisher role can see the visibility restricted API in devportal

wso2 / product-apim

Welcome to the WSO2 API Manager source code! For info on working with the WSO2 API Manager repository and contributing code, click the link below.

http://wso2.github.io/

Apache License 2.0

846 stars 786 forks source link

Users with creator/publisher role can see the visibility restricted API in devportal #12498

Closed dulithsenanayake closed 2 years ago

dulithsenanayake commented 2 years ago

Description:

When restricting the developer portal visibility of an API role wise, it shows tags of restricted APIs to roles which are not allowed to view.

Steps to reproduce:

https://user-images.githubusercontent.com/31464477/155716079-9fbad5cd-6859-4dd4-82ed-78bad65fe293.mp4

Affected Product Version:

API Manager 4.1.0 Alpha

rmsamitha commented 2 years ago

The API Creator and Publisher roles can see all APIs in their tenant Developer Portal even if you restrict access to them. This is because those roles have permission to view and edit all APIs in the API Publisher, and therefore, do not have to be restricted in the Developer Portal. So this is not an issue, hence closing.