Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

API Visibility Issue in DevPortal for INTERNAL Role Updates #3502

Closed
Abshan opened this issue Jan 7, 2025 · 0 comments · Fixed by wso2/carbon-apimgt#12740
Closed

API Visibility Issue in DevPortal for INTERNAL Role Updates #3502

Abshan opened this issue Jan 7, 2025 · 0 comments · Fixed by wso2/carbon-apimgt#12740

Comments

@Abshan
Copy link

Abshan commented Jan 7, 2025

Description

An issue has been observed with the DevPortal API visibility feature, which is used to restrict API access to specific users. The problem arises when a user's role is dynamically updated. If the user is already logged into the DevPortal, the updated API visibility permissions do not take effect immediately. Instead, the changes are reflected only after the cache expiry time of 15 minutes.

This issue occurs exclusively with users assigned to INTERNAL roles (e.g., internal/abc) and does not affect other role types. For non-INTERNAL roles, the visibility updates are applied immediately without any delay.

The delay in reflecting updated API visibility creates confusion and reduces the efficiency of dynamic role updates for API visibility management. This can negatively affect the user experience by introducing unnecessary delays in accessing APIs after role updates.

Steps to Reproduce

  1. Create a user and an internal role (e.g., internal/abc), but do not assign the role to the user initially.
  2. Create an API and configure the API DevPortal visibility to be restricted to the internal role.
  3. Log in to the DevPortal with the created user.
  4. Assign the internal role to the user.
  5. Check the DevPortal to see if the API is visible. The API will only become visible after the cache expiry time (15 minutes).

Version

4.2.0

Environment Details (with versions)

No response

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants