Add mypermissions endpoint #5538
… to readonly fields for improved clarity and consistency within the method.
| [ApiController] | ||
| [Route("api")] | ||
| [Authorize] |
Will this work when auth is disabled? Will we assume that SP will not invoke this API when auth is disabled?
Instead we would use AllowAnonymous and have fallback logic.
There was a problem hiding this comment.
If auth is disabled this returns 403 and the tab isn't displayed by SP. Why would AllowAnonymous work here instead? What permissions should we return if there is no authorization?
| { | ||
| [HttpGet] | ||
| [Route("my/permissions/all")] | ||
| public ActionResult<PermissionsDescriptor> GetMyPermissions() |
Maybe use all as that is part of the route?
| public ActionResult<PermissionsDescriptor> GetMyPermissions() | |
| public ActionResult<PermissionsDescriptor> GetAllPermissions() |
| public ActionResult<PermissionsDescriptor> GetMyPermissions() | ||
| { | ||
| var descriptor = new PermissionsDescriptor( | ||
| User.FindFirst("sub")?.Value ?? User.Identity?.Name ?? "unknown", |
What are we returning here? A user ID or display name? Can't we assume sub to always exist and not be null when a user is authenticated?
| User.FindFirst("sub")?.Value ?? User.Identity?.Name ?? "unknown", | |
| User.FindFirst("sub"), |
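Review bot: the replacement line `User.FindFirst("sub"),` drops `?.Value`, so it passes the `Claim` object (possibly null) where the original expression evaluates to a string. If the fallbacks are to go, `User.FindFirst("sub")?.Value` keeps the argument a string, and the case where the claim is missing then needs an explicit decision instead of a null reaching `PermissionsDescriptor`.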
@WilliamBZA in:
I added configurable settings for these keys
There was a problem hiding this comment.
Will rebase once that's merged
| { | ||
| var descriptor = new PermissionsDescriptor( | ||
| User.FindFirst("sub")?.Value ?? User.Identity?.Name ?? "unknown", | ||
| GrantedPermissions().OrderBy(p => p, StringComparer.Ordinal).ToList()); |
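Review bot: on the `User.FindFirst("sub")?.Value ?? User.Identity?.Name ?? "unknown"` line, the first constructor argument can hold three different kinds of value: a subject identifier, a name, or the literal "unknown", and a consumer of the response cannot tell which one it received. On a controller marked `[Authorize]`, a principal with neither a `sub` claim nor a name more likely points to a token or claim-mapping problem than to a normal case, so consider failing the request or logging it there instead of returning "unknown".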
Do we really need to order server side? Should we always order client side anyway?
| GrantedPermissions().OrderBy(p => p, StringComparer.Ordinal).ToList()); | |
| GrantedPermissions() | |
| ).ToList()); |
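Review bot: the replacement lines `GrantedPermissions()` and `).ToList());`, as rendered here, leave a stray `)` before `.ToList()`, which closes the `PermissionsDescriptor(` call early and unbalances the parentheses. If the ordering is dropped, the line should read `GrantedPermissions().ToList());`. Without the `OrderBy`, the response order is whatever `GrantedPermissions()` yields, so any test or client that compares the list has to sort it first.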
Adds 2 HTTP endpoints: