Bug
Resolution: Done
Major
1.2
Prevent storing multiple conditions with conflicting action sets in the condition API
Bug Fix
Important
Description of problem:
The condition API should not allow creating several conditions with conflicting action sets.
Prerequisites (if any, like setup, operators/versions):
Steps to Reproduce
The condition API allows a condition to be created:
curl -X POST "http://localhost:7007/api/permission/roles/conditions" -d '{"result":"CONDITIONAL","pluginId":"catalog","resourceType":"catalog-entity","conditions":{"rule":"HAS_ANNOTATION","resourceType":"catalog-entity","params":{"annotation":"temp"}},"roleEntityRef":"role:default/div","permissionMapping":["read"]}' -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
Status: 201
But the condition API also allows creating a second, conflicting condition (the conflict is in the action set):
curl -X POST "http://localhost:7007/api/permission/roles/conditions" -d '{"id":2,"result":"CONDITIONAL","pluginId":"catalog","resourceType":"catalog-entity","conditions":{"allOf":[{"rule":"HAS_ANNOTATION","resourceType":"catalog-entity","params":{"annotation":"temp"}},{"rule":"IS_ENTITY_KIND","resourceType":"catalog-entity","params":{"kinds":["api","component"]}}]},"roleEntityRef":"role:default/div","permissionMapping":["read","delete"]}' -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
Status: 201
Actual results:
The second request returns status code 201.
Expected results:
The second request should be rejected with 409.
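A sketch of the expected check, as an added example that is not the plugin's own code: it replays the two request bodies from the reproduction steps against an in-memory store. The conflict rule (same roleEntityRef, pluginId and resourceType with at least one shared action in permissionMapping) and the names ConditionStore, findConflicts and create are assumptions made for illustration.

```typescript
// Field names mirror the request bodies in this report. The conflict rule
// (same role + plugin + resource type, overlapping actions) is an assumption.
interface ConditionRequest {
  result: string;
  pluginId: string;
  resourceType: string;
  roleEntityRef: string;
  permissionMapping: string[];
  conditions: unknown;
}
interface CreateResult { status: number; id?: number; conflicts: string[] }

class ConditionStore {
  private stored: Array<ConditionRequest & { id: number }> = [];

  // Actions in `req` already claimed by a stored condition with the same scope.
  findConflicts(req: ConditionRequest): string[] {
    const conflicts: string[] = [];
    for (const c of this.stored) {
      const sameScope = c.roleEntityRef === req.roleEntityRef &&
        c.pluginId === req.pluginId && c.resourceType === req.resourceType;
      if (!sameScope) continue;
      for (const action of req.permissionMapping) {
        const clash = c.permissionMapping.indexOf(action) !== -1;
        if (clash && conflicts.indexOf(action) === -1) conflicts.push(action);
      }
    }
    return conflicts;
  }

  // 201 when stored, 409 when any action overlaps; nothing is written on 409.
  create(req: ConditionRequest): CreateResult {
    const conflicts = this.findConflicts(req);
    if (conflicts.length > 0) return { status: 409, conflicts };
    const id = this.stored.length + 1;
    this.stored.push({ ...req, id });
    return { status: 201, id, conflicts: [] };
  }
}

// The two request bodies from the reproduction steps (the client-supplied "id" is dropped).
const hasAnnotation = { rule: "HAS_ANNOTATION", resourceType: "catalog-entity", params: { annotation: "temp" } };
const isKind = { rule: "IS_ENTITY_KIND", resourceType: "catalog-entity", params: { kinds: ["api", "component"] } };
const base = { result: "CONDITIONAL", pluginId: "catalog", resourceType: "catalog-entity", roleEntityRef: "role:default/div" };
const firstRequest: ConditionRequest = { ...base, conditions: hasAnnotation, permissionMapping: ["read"] };
const secondRequest: ConditionRequest = { ...base, conditions: { allOf: [hasAnnotation, isKind] }, permissionMapping: ["read", "delete"] };
```

Under this rule the second request is rejected because "read" is already covered for role:default/div, while a request for the same role that lists only "delete" would still be accepted.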