Allow users to create rules which reference actions which don't exist in the system when RBAC is enabled #3573
Conversation
(user can't create rules which reference actions which don't exist in the system when RBAC is enabled).
don't exist in the system when RBAC is enabled.
|
While looking into this I noticed we still have a bunch of OpenAPI related regressions - we are missing complete API model definitions (required fields, etc. - we simply have This should be fixed asap, because any regression in user friendliness is unacceptable. We have a couple of options, but as I mentioned many times in the past already, we need to get rid of duplicate definitions in API model files and openapi yaml. Since we already generate final openapi.yaml file, one option is to introspect API definitions in API model files for definitions which have To clarify - right now we have definitions for some models in openapi.yaml, but those are simply copy and pasted from API model files which is unacceptable (impossible to maintain, things will get out of sync and break). To replicate it, simply try to create a rule which doesn't contain a required field or just send an empty dict as data (same works for any other create operation for which we are missing definition in openapi file).
|
This reverts commit 0249de1.
This pull request fixes a bug which didn't allow users to create rules via API which reference actions which don't exist in the system.
In theory, we didn't really have any hard defined rules around that (allowing user to create rules which reference actions which don't exist in the system), but since when RBAC is not enabled, we allow user to do that, we should also allow that when RBAC is enabled.
Either that, or we shouldn't allow rules which reference an action which doesn't exist in the system to be created in both scenarios.
Resolves #3572.