Can't change REST API authorization

Submitted by msakirkutlu_1359205 on Tue, 07/24/2018 - 14:04
1
0
-1

Hello,
I want to change rest api authorization but it doesn't change. I want to give users to access caseDocuments so i added

profile|User=[document_visualization, download_document]
#GET|bpm/archivedCase=[profile|User]
#GET|bpm/caseDocument=[profile|User]
#GET|bpm/archivedCaseDocument=[profile|User]
#GET|bpm/case=[profile|User]

to custom-permissions-mapping.properties and resources-permissions-mapping-custom.properties files but i still can't access documents with user profile.

#api #bonita7 #restapi #authorization
1 answer

Submitted by pierrick.voulet on Tue, 07/24/2018 - 17:24
1
+1
-1
This one is the BEST answer!

Depending on where you made the change (Studio or Server):

  • Studio: you need to logout/login

  • Server: you need to restart (if you did not configure it to run in debug mode)

HIH,

Comments

Submitted by msakirkutlu_1359205 on Wed, 07/25/2018 - 10:25

i did but still same, i even restarted server. I am using bonita 7.7.2 with tomcat on ubuntu 16.04.
i changed files in

BonitaCommunity-7.7.2-Tomcat-8.5.31/setup/platform_conf/initial/tenant_template_portal/
resources-permissions-mapping-custom.properties*
custom-permissions-mapping.properties*

as i understand from documentation . Maybe i am changing wrong files.

Permalink
Submitted by pierrick.voulet on Wed, 07/25/2018 - 13:55

Indeed, the "initial" folder is only used at initialization time (when the platform is created at first run).

When you want to edit some configuration, you need to edit in the "current" folder instead. This folder exists only after the setup.sh pull command is executed as it pulls the current configuration from the Engine DB. Here are the main steps to edit configuration:

  • setup.sh pull
  • Edit file(s) in the "current" folder
  • setup.sh push (to push the edited configuration in Engine DB)

Best practice is to go through these 3 steps for each edition to avoid pushing legacy version of the configuration by mistake...

Full documentation about the platform configuration is available from this page .

Permalink
Submitted by msakirkutlu_1359205 on Wed, 07/25/2018 - 14:38

still same, i checked a couple times, pulled settings, changed them then pushed it back, then restarted server then i remove current folder and pulled again so i could check did settings change, all seems normal but i still cant access rest.

Files i changed:

BonitaCommunity-7.7.2-Tomcat-8.5.31/setup/platform_conf/current/tenants/1/tenant_portal/custom-permissions-mapping.properties
BonitaCommunity-7.7.2-Tomcat-8.5.31/setup/platform_conf/current/tenants/1/tenant_portal/resources-permissions-mapping-custom.properties
BonitaCommunity-7.7.2-Tomcat-8.5.31/setup/platform_conf/current/tenant_template_portal/custom-permissions-mapping.properties
BonitaCommunity-7.7.2-Tomcat-8.5.31/setup/platform_conf/current/tenant_template_portal/resources-permissions-mapping-custom.properties

And this are the settings i added,

GET|bpm/archivedCase=[profile|User, document_visualization, case_visualization]
GET|bpm/caseDocument=[profile|User, document_visualization, case_visualization]
GET|bpm/archivedCaseDocument=[profile|User, document_visualization, case_visualization]
GET|bpm/document=[profile|User, document_visualization, case_visualization]
GET|bpm/case=[profile|User, case_visualization]
profile|User=[document_visualization, download_document, case_visualization]
Permalink
Submitted by pierrick.voulet on Wed, 07/25/2018 - 15:40

Did you restart/relog as suggested in my first answer?

Permalink
Submitted by msakirkutlu_1359205 on Wed, 07/25/2018 - 15:44

yes i restart portal and reboot server also.

Permalink
Submitted by pierrick.voulet on Wed, 07/25/2018 - 19:23

You do not need to edit the files located under the template folder, it is used only when you create a new tenant which is not your case here.

So you have the GET|bpm/case=[profile|User, case_visualization] styled lines in the dynamic-permissions-checks-custom.properties file and the profile|User=[document_visualization, download_document, case_visualization] line in the custom-permissions-mapping.properties one?

If yes then it should work.

Permalink
Submitted by msakirkutlu_1359205 on Wed, 07/25/2018 - 22:53

Yes, now it's working. After i changed dynamic-permissions-checks-custom.properties i can access documents as user. I never tried to change or add to dynamic-permissions-checks-custom.properties so that was my mistake. Thank you for your help.

Permalink
Notifications