Introduce granular console permissions#1141
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughSummary
WalkthroughThe Sequence Diagram(s)sequenceDiagram
participant TestNG
participant ServerAPIResourceCollectionManagementService
participant APIResourceCollectionManagementUtil
participant APIResourceMap
TestNG->>ServerAPIResourceCollectionManagementService: buildAPIResourceMap(collection)
ServerAPIResourceCollectionManagementService->>APIResourceCollectionManagementUtil: isGranularConsolePermissionsEnabled()
APIResourceCollectionManagementUtil-->>ServerAPIResourceCollectionManagementService: permission flag
ServerAPIResourceCollectionManagementService->>APIResourceMap: populate read/write buckets
ServerAPIResourceCollectionManagementService->>APIResourceMap: populate create/update/delete when enabled
APIResourceMap-->>TestNG: return mapped resource buckets
🚥 Pre-merge checks | ✅ 2 | ❌ 3❌ Failed checks (3 warnings)
✅ Passed checks (2 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
d839d6e to
ead3909
Compare
ead3909 to
a6a4ec0
Compare
|
PR builder started |
| applicationManagementService, | ||
| apiResourceManager, | ||
| authorizedAPIManagementService | ||
| null, |
There was a problem hiding this comment.
Yes, this was intentional. applicationManagementService, apiResourceManager and authorizedAPIManagementService are only used in the self-service application create/authorize flow (doPostConfigurationUpdate → processSelfServiceEnablement/authorizeAPItoSelfServiceApp), which runs only when enablePostListener is true. The two tests here cover getOrganizationGovernanceConfigs() and updateOrganizationGovernanceConfigs(..., false), so those three collaborators are never invoked — hence passing null instead of keeping unused mocks. Happy to restore the mocks if you prefer to keep them for future test coverage.
|
PR builder completed |
jenkins-is-staging
left a comment
There was a problem hiding this comment.
Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/29573931105
Purpose
Exposes the new granular console permission levels (create / update / delete) through the API Resource REST API, so the Console UI can read them when building the console role permission tree.
This is the REST-layer half of the granular console permissions work; the underlying model and scope resolution are introduced in the framework (see Related PRs).
Resolves: wso2/product-is#27974
Goals
create,update, anddeleteAPI resource lists in the API resource collection response, alongside the existingreadandwritelists.Approach
APIResources.yaml— extended theAPIResourceMapschema with three new array properties (create,update,delete), each an array ofAPIResourceCollectionItem, mirroring the existingread/writeshape.APIResourceMap(generated model) — regenerated to add thecreate/update/deletefields, fluent setters,addXItemhelpers, and updatedequals/hashCode/toString.ServerAPIResourceCollectionManagementService—buildAPIResourceMapnow reads thecreate/update/deleteentries from the framework's resolvedapiResourcesmap (using the newAPIResourceCollectionManagementConstants.CREATE/UPDATE/DELETEkeys) and populates them on the response.The change is purely additive —
readandwritecontinue to be returned unchanged, so existing clients are unaffected.