3 Replies Latest reply on Jun 16, 2016 7:08 AM by Bryce Gilhooly

    REST API appliedEntitlements issue

    devops@bainsight.com

      We have an issue with appliedEntitlements REST API call for places containing deny permissions.

       

      Steps to reproduce:

       

      1. Create a space.

      2. Go to Admin Console, Space Permissions.

      3. Select the created space and click "Create a user override".

      4. Select a user, then click "Set Exception".

      5. Select "No access (this User will not be able to view the space)", click "Save"

      6. Send an appliedEntitlements REST API call (/places/{placeID}/appliedEntitlements) for the created space.

       

      Result: HTTP error code 500 (Internal Server Error)

       

      Is this the right place to report it?

        • Re: REST API appliedEntitlements issue
          Bryce Gilhooly

          Massood Zarrabian

           

          The account that you selected "No Access" for, is this the same account that you're making the API call with?

           

          I replicated your steps using my 'service account', and when I restricted the service account access at a space level, I was getting a 500 (unexpected).

          My service account also had Full Access at a system level, which does say "Full access supercedes all other permissions, at the space level and beyond."

          When I took Full Access off of my service account, with the space level restriction in place, I had a 403 returned (expected).

          When I added Full Access back, leaving the space level restriction in place, data was returned (expected).

           

          Not sure if the account you are testing with had Full Access or not, but I think it's a bug.

           

          I would report the issue in your Jive support group so it can be filed as a bug and tracked appropriately.

           

          Hope that helps?

          Bryce.

            • Re: REST API appliedEntitlements issue
              devops@bainsight.com

              Hi Bryce,

               

              "No Access" is set for a normal user. The API call is made using OAuth, and a different user (a Jive administrator having full access at system level) is used during the authorization process to get the access token. The API call fails if "No Access" is set for any user, and succeeds if "No Access" is not used at all.

               

              It is a big problem for us, because we can't get any permissions at all for spaces where "No Access" is used.

                • Re: REST API appliedEntitlements issue
                  Bryce Gilhooly

                  Hey Massood,

                   

                  I gave a "Normal" account the "No Access" permission, then did a GET request ('/places/178339/appliedEntitlements') with my full access "Service" account and received a 200 with the following payload:

                  {
                      "comment": false,
                      "create": false,
                      "objectType": "@all",
                      "person": "https://abc.xyz.com/api/core/v3/people/5918",
                      "rate": false,
                      "read": false,
                      "vote": false,
                      "type": "appliedEntitlement"
                  }

                  For what it's worth, I'm testing this on an Internal Cloud instance.

                   

                  To answer your initial question, I would post this in your private Jive group and get their take. Sounds like we're getting different treatment for the same steps.

                   

                  Hope that helps,

                  Bryce.
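
A client that mirrors space permissions from this endpoint has to treat the three outcomes reported in this thread (200 with a payload, 403, 500) differently, because a failed call means the permissions are unknown, not that there are none. The following Python is an added example, not code from the thread or from Jive; the function names, the "list" wrapper key and the policy of withholding a space on any non-200 result are assumptions, and only the sample payload and place ID 178339 come from the posts above.

```python
import json

PERMS = ("read", "create", "comment", "rate", "vote")

# Payload quoted in the thread for a user with the "No Access" override.
SAMPLE_200 = json.dumps({
    "comment": False, "create": False, "objectType": "@all",
    "person": "https://abc.xyz.com/api/core/v3/people/5918",
    "rate": False, "read": False, "vote": False,
    "type": "appliedEntitlement",
})

def denied_people(entries):
    """Person URIs whose "@all" entitlement grants none of PERMS."""
    return [e["person"] for e in entries
            if e.get("type") == "appliedEntitlement"
            and e.get("objectType") == "@all"
            and "person" in e
            and not any(e.get(p) for p in PERMS)]

def classify(status, body):
    """Turn one appliedEntitlements response into an ACL decision."""
    if status == 200:
        data = json.loads(body)
        # Assumption: several entries may arrive as a bare array or under "list".
        entries = data.get("list", [data]) if isinstance(data, dict) else data
        return {"state": "ok", "denied": denied_people(entries)}
    if status == 403:
        # The calling account itself is blocked from the space.
        return {"state": "caller_forbidden", "denied": []}
    # 500 or anything else: the ACL is unknown, not empty.
    return {"state": "unknown", "denied": []}

def audit(responses):
    """responses: {place_id: (status, body)} -> which places to expose or withhold."""
    report = {"expose": [], "withhold": []}
    for place_id, (status, body) in sorted(responses.items()):
        result = classify(status, body)
        report["expose" if result["state"] == "ok" else "withhold"].append(place_id)
    return report

if __name__ == "__main__":
    # Constructed responses; only 178339 and its payload come from the thread.
    print(classify(200, SAMPLE_200))
    print(audit({"178339": (200, SAMPLE_200), "place-a": (500, ""), "place-b": (403, "")}))
```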