Add 403UserCentricPreparator to handle random parameters that generate a 403 error because the user is not allowed to browse them #55

Closed

@Wilkins Wilkins commented Feb 1, 2024

In many cases in the baseline we have to ignore some tests because the parameters in the URL are user centric.
This means that if we change the item we request, the user gets a 403 (and not a 404), because they're not allowed to browse it.
So:

  • we changed the OpenApiDefinitionLoader to parse the "x-dummy" parameters
  • we created a new x-apitester-user-centric-parameter that decides, in the operation, whether parameters are user centric or not
  • we created a new preparator to handle that case
  • we ignore the UserCentric operations in the 404Preparator

It will be used in the PR: https://github.com/simpleit/SdZv4/pull/14558

Example of usage:
/student-applications/{studentApplicationId}/disqualify <- because the user is not allowed to browse student applications that are not his
/users/{userId}/whatever <- because only the right user can browse his own route.
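
The 403-versus-404 split described in this comment, as an added example that is not part of the pull request or the project's code: it walks a parsed OpenAPI `paths` object and decides which status a randomized path parameter should produce. The boolean form of `x-apitester-user-centric-parameter`, the `/courses` and `/health` routes, and all function names are assumptions made for illustration.

```python
import random
import re

# Extension key named in the PR description. Treating it as an operation-level
# boolean is an assumption; the page does not show its schema.
USER_CENTRIC_KEY = "x-apitester-user-centric-parameter"
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}

# Constructed sample: an already-parsed OpenAPI "paths" object.
SPEC = {
    "paths": {
        "/users/{userId}/whatever": {"get": {USER_CENTRIC_KEY: True}},
        "/student-applications/{studentApplicationId}/disqualify": {
            "post": {USER_CENTRIC_KEY: True},
        },
        "/courses/{courseId}": {"get": {}},  # hypothetical non-user-centric route
        "/health": {"get": {}},              # no path parameter
    }
}


def randomize_path(template, rng):
    """Replace every {param} with a random id, presumed not owned by the test user."""
    return re.sub(r"\{[^}]+\}", lambda _: str(rng.randrange(10**8, 10**9)), template)


def negative_cases(spec, rng):
    """Return (method, path, expected_status) for each parameterized operation."""
    cases = []
    for template, path_item in spec.get("paths", {}).items():
        if "{" not in template:
            continue  # nothing to randomize, so no 403/404 case
        for method, operation in path_item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as "parameters"
            # User-centric: the random id belongs to someone else -> 403.
            # Otherwise the random id simply does not exist -> 404.
            expected = 403 if operation.get(USER_CENTRIC_KEY) is True else 404
            cases.append((method.upper(), randomize_path(template, rng), expected))
    return cases


if __name__ == "__main__":
    for case in negative_cases(SPEC, random.Random(0)):
        print(case)
```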

@Wilkins Wilkins requested review from sidux and DotnDev February 1, 2024 07:19
@Wilkins Wilkins self-assigned this Feb 1, 2024
@Wilkins Wilkins added enhancement New feature or request help wanted Extra attention is needed labels Feb 1, 2024
…es a 403 error because the user is not allowed to browse them
@Wilkins Wilkins force-pushed the 403_user_centric_preparator branch from bbc22d7 to bdd741f Compare February 1, 2024 09:00

Wilkins commented Feb 12, 2024

This should not be useful.
If you need this, you had probably better add the missing rights to the SecurityGroupWithAllRoles in tests/Fixtures/Yaml/Security/SecurityGroup.yml

@Wilkins Wilkins closed this Feb 12, 2024