Role permissions are removed from a role when execute SCIM2 Patch ADD operation #21628

Open
ShanChathusanda93 opened this issue Nov 6, 2024 · 0 comments

ShanChathusanda93 commented Nov 6, 2024

Describe the issue:
We can add permissions to an existing role using the SCIM2 Patch operation. When we use the add operation to add permissions to an existing role, the existing permissions get deleted and only the permissions that we are adding with the PATCH ADD operation are available in the role.

Screen.Recording.2024-11-06.at.11.30.47.PM.mov

Also, if we execute the aforementioned PATCH ADD operation again on the same resource, then the second time the previously added permissions are removed.

Screen.Recording.2024-11-06.at.11.34.20.PM.mov

How to reproduce:

  1. Log in to the Console application and create a role. (This can also be done directly from the SCIM2 Roles API.)
  2. Now assign some permissions to the role.
  3. Execute the PATCH ADD operation on top of the created role.
curl --location --request PATCH 'https://localhost:9444/scim2/v2/Roles/e476b203-f20b-4a0c-b484-c63856300d04' \
--header 'Authorization: Bearer 8052da4b-dce4-396d-a47e-275933aabe0e' \
--header 'Content-Type: application/json' \
--data '{
    "Operations": [
        {
            "op": "add",
            "value": {
                "permissions": [
                    {
                        "value": "{{SCOPE_NEEDS_TO_BE_ADDED}}"
                    }
                ]
            }
        }
    ],
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ]
}'
  4. In the response you can see only the scopes you added with the API PATCH ADD operation. Previously assigned ones are not available.
  5. This can be seen in the console as well.
  6. Now execute the SCIM2 PATCH ADD operation again with the same content.
  7. Now in the response the permissions are removed.

Expected behavior:

  • The ADD operation should only add the details to a resource.

Environment information (Please complete the following information; remove any unnecessary fields) :

  • Product Version: IS 7.1.0 m4 SNAPSHOT
  • OS: Mac
  • Database: H2
  • Userstore: JDBC
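
Added example (not part of the original issue and not WSO2 code): a Python model of the expected path-less SCIM2 add behaviour for a role's multi-valued permissions attribute, as RFC 7644 section 3.5.2.1 describes it, used to check a PATCH response for dropped permissions. The function names, role name and scope names are constructed for illustration.

```python
import copy

def apply_add(role, operation):
    """Expected result of a path-less SCIM2 'add': values of multi-valued
    attributes are appended to the existing ones, never substituted."""
    if operation.get("op", "").lower() != "add" or "path" in operation:
        raise ValueError("only path-less 'add' operations are modelled")
    patched = copy.deepcopy(role)
    for attr, new in operation["value"].items():
        if not isinstance(new, list):
            patched[attr] = new            # single-valued: add sets the value
            continue
        current = patched.setdefault(attr, [])
        seen = {item["value"] for item in current}
        for item in new:
            if item["value"] not in seen:  # re-adding an existing value is a no-op
                current.append(copy.deepcopy(item))
                seen.add(item["value"])
    return patched

def check_patch_response(before, patch_body, response):
    """Diff the server's response against the expected post-PATCH role."""
    expected = before
    for operation in patch_body["Operations"]:
        expected = apply_add(expected, operation)
    want = {p["value"] for p in expected.get("permissions", [])}
    got = {p["value"] for p in response.get("permissions", [])}
    return {"lost": sorted(want - got), "unexpected": sorted(got - want)}

# Constructed sample data (scope names are placeholders, not product scopes).
ROLE_BEFORE = {"displayName": "demo-role",
               "permissions": [{"value": "scope_a"}, {"value": "scope_b"}]}
PATCH_BODY = {"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
              "Operations": [{"op": "add",
                              "value": {"permissions": [{"value": "scope_c"}]}}]}
# Constructed responses shaped like the behaviour reported in this issue.
FIRST_RESPONSE = {"displayName": "demo-role",
                  "permissions": [{"value": "scope_c"}]}
SECOND_RESPONSE = {"displayName": "demo-role", "permissions": []}

if __name__ == "__main__":
    # First PATCH: previously assigned permissions are reported as lost.
    print(check_patch_response(ROLE_BEFORE, PATCH_BODY, FIRST_RESPONSE))
    # Repeated PATCH: the permission added the first time is lost as well.
    print(check_patch_response(FIRST_RESPONSE, PATCH_BODY, SECOND_RESPONSE))
```

A non-empty "lost" list after any add operation means the role silently dropped permissions, which makes this check usable as a regression test around the fix.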