sig#809 - Implement permission for Onboarding Service Provider endpoints #994

MaximilianHauer opened this issue Sep 12, 2024 · 0 comments · Fixed by #1037
MaximilianHauer commented Sep 12, 2024

Description

The following endpoints are only reachable via the "Onboarding Service Provider Management" page.
Therefore the permission needs to be adjusted accordingly.

Adjust the following endpoint to verify against the permission configure_partner_registration

POST: api/administration/registration/network/partnerRegistration
GET: api/administration/registration/network/companies

move api/administration/registration/network/companies to network controller

api/administration/registration/network/companies -> should be moved to the network controller

Acceptance Criteria

  • Ensure that the endpoints POST: api/administration/registration/network/partnerRegistration and GET: api/administration/registration/network/companies are only accessible to users who have the configure_partner_registration permission.
  • Unauthorized access attempts should return an appropriate HTTP status code indicating lack of permission (e.g., 403 Forbidden).
  • Move the GET: api/administration/registration/network/companies endpoint from its current controller to the network controller.

Test cases

Authorized Access - POST Endpoint

Objective: Verify that a user with configure_partner_registration permission can access the POST: api/administration/registration/network/partnerRegistration endpoint.
Steps:
Authenticate as a user with configure_partner_registration permission.
Send a POST request to api/administration/registration/network/partnerRegistration.
Expected Result: The request is successful, and the server responds with a 200 OK status code.

Unauthorized Access - POST Endpoint

Objective: Ensure that a user without configure_partner_registration permission receives a 403 Forbidden status when attempting to access the POST: api/administration/registration/network/partnerRegistration endpoint.
Steps:
Authenticate as a user without configure_partner_registration permission.
Send a POST request to api/administration/registration/network/partnerRegistration.
Expected Result: The server responds with a 403 Forbidden status code.

Authorized Access - GET Endpoint

Objective: Confirm that a user with configure_partner_registration permission can access the GET: api/administration/registration/network/companies endpoint.
Steps:
Authenticate as a user with configure_partner_registration permission.
Send a GET request to api/administration/registration/network/companies.
Expected Result: The request is successful, and the server responds with a 200 OK status code.

Unauthorized Access - GET Endpoint

Objective: Verify that a user without configure_partner_registration permission receives a 403 Forbidden status when attempting to access the GET: api/administration/registration/network/companies endpoint.
Steps:
Authenticate as a user without configure_partner_registration permission.
Send a GET request to api/administration/registration/network/companies.
Expected Result: The server responds with a 403 Forbidden status code.

@MaximilianHauer MaximilianHauer added the enhancement New feature or request label Sep 12, 2024
@MaximilianHauer MaximilianHauer added this to the Release 24.12 milestone Sep 12, 2024
@MaximilianHauer MaximilianHauer changed the title sig#809 - Implement Companyrole based policy-types sig#809 - Implement permission for Onboarding Service Provider endpoints Sep 12, 2024
@Phil91 Phil91 assigned Phil91 and unassigned AnuragNagpure Sep 26, 2024
Phil91 added a commit that referenced this issue Sep 26, 2024
Phil91 added a commit that referenced this issue Sep 26, 2024
ntruchsess pushed a commit that referenced this issue Oct 1, 2024
* relocate endpoint api/administration/registration/network/companies to api/administration/network/companies
* adjust permission from 'view_submitted_applications' to 'configure_partner_registration'
Refs: #994
@ntruchsess ntruchsess linked a pull request Oct 1, 2024 that will close this issue
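
The four test cases from the issue, expressed as an authorization matrix with two regression checks added. This is an added example, not code from the project: the route table, caller sets and `authorize` function are constructed for illustration, and the 401 for unauthenticated callers and 404 for unmapped routes are assumptions the issue does not state.

```python
from http import HTTPStatus

REQUIRED = "configure_partner_registration"  # permission named in the issue
OLD = "view_submitted_applications"          # permission the referenced commit replaces

# Constructed route table, using the paths exactly as the issue's test cases write them.
ROUTES = {
    ("POST", "api/administration/registration/network/partnerRegistration"): REQUIRED,
    ("GET", "api/administration/registration/network/companies"): REQUIRED,
}


def authorize(method, path, permissions):
    """Return the status an access-control layer should give before the handler runs.

    permissions is None for an unauthenticated caller, otherwise the set of
    permission names carried by the caller's token (hypothetical model).
    """
    required = ROUTES.get((method.upper(), path.strip("/")))
    if required is None:
        return HTTPStatus.NOT_FOUND      # unmapped (method, path): deny by default
    if permissions is None:
        return HTTPStatus.UNAUTHORIZED   # no identity at all (assumption: 401, not 403)
    if required not in permissions:
        return HTTPStatus.FORBIDDEN      # authenticated but lacking the permission
    return HTTPStatus.OK


def run_matrix():
    """Evaluate every mapped route against each constructed caller profile."""
    callers = {
        "with_permission": {REQUIRED},
        "without_permission": {"some_other_permission"},  # constructed name
        "old_permission_only": {OLD},                     # regression: must now be refused
        "anonymous": None,
    }
    return {
        (method, path, name): authorize(method, path, perms)
        for (method, path) in ROUTES
        for name, perms in callers.items()
    }


if __name__ == "__main__":
    for (method, path, name), status in run_matrix().items():
        print(f"{method:4} {path} as {name}: {status.value} {status.phrase}")
```

The `old_permission_only` row is the one the four listed test cases do not cover: a caller who holds only `view_submitted_applications` should be refused after the change.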