Skip to content

Fix the access filter for privileged roles.

Rustam Lotsmanenko (EPAM) requested to merge fix-auth-filter into master

Description:

Current behavior:

  • Endpoints that require service.dataset.viewers or editors roles do not allow requests from users with a higher role. Users with service.dataset.admin receive a 403 response code from endpoints like /retrievalInstructions or /storageInstructions.

Expected behavior:

  • Users with role service.dataset.admin or service.dataset.editors are able to request endpoints that are available for users with role service.dataset.viewers.

How to test:

Does functionality was tested and how?

Changes include:

  • Refactor (a non-breaking change that improves code maintainability).
  • Bugfix (a non-breaking change that solves an issue).
  • New feature (a non-breaking change that adds functionality).
  • Breaking change (a change that is not backward-compatible and/or changes current functionality).

Changes in:

  • Common code

Dev Checklist:

  • Added Unit Tests, wherever applicable.
  • Updated the Readme, if applicable.
  • Existing Tests pass
  • Verified functionality locally
  • Self Reviewed my code for formatting and complex business logic.
Edited by Rustam Lotsmanenko (EPAM)

Merge request reports