Permission validation on the Publisher UI elements for API update

Samitha Chathuranga edited this page Sep 17, 2019 · 11 revisions

This is required for the task of adding UX-layer validation for the Publisher/Creator (role-wise) separation of API update operations.

Some fields of an API may be updated by users with the api-creator role but not by users with the api-publisher role. The REST API level validation is already added by [1]; the UX level validation has to be done as described below.

For each editable TextField, Save/Update/Edit button, Switch, tick box, radio button, etc., either the "disabled" property has to be set or conditional rendering has to be done.

1. Setting "disabled" property.

e.g. API description related TextField

 <TextField
       id='outlined-multiline-static'
       ...
       disabled={isRestricted(['apim:api_create'], api)}
 />

As shown above, the value of the "disabled" property is set by calling the isRestricted(..) function defined in AuthManager.js [2].

Arguments passed to the isRestricted() function

1- Scopes permitted to update the field

So in the above example, only the users having "apim:api_create" scope can update the field. For others, the field will be disabled.

If a field needs to be editable by both the 'publisher' and 'creator' roles, the arguments have to be passed as below.

disabled={isRestricted(['apim:api_create', 'apim:api_publish'], api)} 
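
The scope check described above, as an added example that is not WSO2's code: one field-to-scope table drives both the "disabled" value in the UI and the server-side rejection of restricted fields, so the two layers cannot drift apart. The helper names, the `sharedField` entry and the explicit `userScopes` argument are assumptions; the real isRestricted(..) takes the `api` object and its internals are not shown on this page.

```javascript
// Added example: hypothetical helper names and policy table, not WSO2 code.
// Field -> scopes allowed to edit it. 'description' follows the page's example;
// 'sharedField' is a made-up field editable by both roles.
const FIELD_SCOPES = {
    description: ['apim:api_create'],
    sharedField: ['apim:api_create', 'apim:api_publish'],
};

// True when the user holds none of the allowed scopes. Fails closed: a missing
// scope list or an empty allow-list is treated as restricted.
function isRestrictedFor(allowedScopes, userScopes) {
    if (!Array.isArray(allowedScopes) || allowedScopes.length === 0) return true;
    if (!Array.isArray(userScopes)) return true;
    return !allowedScopes.some((scope) => userScopes.includes(scope));
}

// UX layer: the value to bind to each field's "disabled" property.
function disabledProps(userScopes) {
    const props = {};
    for (const [field, allowed] of Object.entries(FIELD_SCOPES)) {
        props[field] = isRestrictedFor(allowed, userScopes);
    }
    return props;
}

// Service layer: fields in an update payload that this user may not change.
// Fields missing from the table are rejected as well, so the decision never
// depends on the UI having disabled the control.
function rejectedFields(userScopes, updatePayload) {
    return Object.keys(updatePayload).filter((field) => {
        const known = Object.prototype.hasOwnProperty.call(FIELD_SCOPES, field);
        return isRestrictedFor(known ? FIELD_SCOPES[field] : [], userScopes);
    });
}

// Constructed sample users (scope lists are made up for the demo).
const creator = ['apim:api_create'];
const publisher = ['apim:api_publish'];
console.log(disabledProps(publisher));
console.log(rejectedFields(publisher, { description: 'x', sharedField: 'y' }));
```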

[1] https://github.com/wso2/product-apim/issues/5471
[2] https://github.com/wso2/carbon-apimgt/blob/f3b4e5ac132be93213ea71c467d156aaa91ec191/features/apimgt/org.wso2.carbon.apimgt.publisher.feature/src/main/resources/publisher-new/source/src/app/data/AuthManager.js#L195-L211