Dear Frank,
We return 412 when the preconditions fail.
The number of request headers that can be used to apply conditions to a
request:
If-Match
If-Modified-Since
If-None-Match
If-Range
If-Unmodified-Since
Since my request does not contain the stated headers, there won't be a
412. Thanks for pointing me to clarify and correct my understanding.
    412:
      description: |
        Precondition Failed.
        The request has not been performed because one of the
        preconditions is not met.
      schema:
        $ref: '#/definitions/Error'
This should be removed from the response.
Thanks & Regards,
*S.Meruja* |Software Engineer | WSO2 Inc.
(m) +94779650506 | Email: [email protected]
Linkedin: https://www.linkedin.com/in/meruja
Medium: https://medium.com/@meruja
<http://wso2.com/signature>
On Mon, May 25, 2020 at 10:23 PM Frank Leymann <[email protected]> wrote:
> Dear Meruja,
>
> when would we return a 412?
>
> Best regards,
> Frank
>
>
>
>
> On Fri, May 22, 2020 at 15:42, Meruja Selvamanikkam <
> [email protected]> wrote:
>
>> Hi all,
>>
>> We are in the process of implementing an API to get the scope list of a
>> particular user.
>> Following will be the notations of the new API:
>> *GET api/am/admin/v1/settings/scopes?userId=<value>*
>>
>> Please find the swagger definition below:
>>
>>   /settings/scopes:
>>     #-----------------------------------------------------
>>     # Retrieve scope settings
>>     #-----------------------------------------------------
>>     get:
>>       security:
>>         - OAuth2Security:
>>           - apim:admin_settings
>>       x-wso2-curl: "curl -k -H \"Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8\" -X GET \"https://localhost:9443/api/am/admin/v1/settings/scopes?userId=890a4f4d-09eb-4877-a323-57f6ce2ed79b\""
>>       x-wso2-request: |
>>         GET https://localhost:9443/api/am/admin/v1/settings/scopes?userId=890a4f4d-09eb-4877-a323-57f6ce2ed79b
>>         Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8
>>       x-wso2-response: "HTTP/1.1 200 OK"
>>       summary: Retrieve scopes for a particular user
>>       description: |
>>         This operation will return the scope list of particular user
>>         In order to get it, we need to pass the userId as a query parameter
>>       parameters:
>>         - name: userId
>>           in: query
>>           type: string
>>           required: true
>>       tags:
>>         - Settings
>>       responses:
>>         200:
>>           description: |
>>             OK.
>>             Scopes for a particular user retrieved successfully.
>>         400:
>>           description: |
>>             Bad Request.
>>             Invalid request or validation error
>>           schema:
>>             $ref: '#/definitions/Error'
>>         404:
>>           description: |
>>             Not Found.
>>             Requested user does not exist.
>>           schema:
>>             $ref: '#/definitions/Error'
>>         412:
>>           description: |
>>             Precondition Failed.
>>             The request has not been performed because one of the
>>             preconditions is not met.
>>           schema:
>>             $ref: '#/definitions/Error'
>>
>> Highly appreciate your thoughts and suggestions.
>>
>> Thanks & Regards,
>> *S.Meruja* |Software Engineer | WSO2 Inc.
>> (m) +94779650506 | Email: [email protected]
>> Linkedin: https://www.linkedin.com/in/meruja
>> Medium: https://medium.com/@meruja
>> <http://wso2.com/signature>
>>
>>
>> On Mon, May 11, 2020 at 9:37 PM Meruja Selvamanikkam <[email protected]>
>> wrote:
>>
>>> Hi all,
>>>
>>> Thank you for your suggestions
>>>
>>>> I have a few concerns regarding validating the subscriber permissions of
>>>> the input application owner using the default subscriber role(Internal
>>>> subscriber). Since the REST API and portal access are based on the
>>>> scope-role mapping which is maintained in tenant-conf.json, a subscriber
>>>> user does not necessarily have the *Internal/subscriber* role. If a
>>>> new role mapping to app management, subscriptions related scopes has been
>>>> introduced with custom roles, then the validation should be done against
>>>> those roles as well.
>>>>
>>>
>>> I agree with you. For previous versions, we have a default subscriber
>>> role in the configuration file and checked role-based permission for a
>>> particular feature. From 3.1.0 onwards, we have a scope-role mapping.
>>> In this case, we cannot validate the user role.
>>>
>>>> Hence, we should be validating whether any of the roles assigned to that
>>>> particular user has bare scope based minimum access to API subscriptions,
>>>> app management resources. So the validation should be based on the
>>>> role-scope mapping.
>>>>
>>>> ie: If the user's role 'roleA' has role-scope mappings for 'apim:subscribe'
>>>> and 'apim:app_manage' scopes, then that particular user is eligible as
>>>> a new owner of a given application.
>>>> WDYT?
>>>>
>>> Yes, we need to validate against the scope.
>>>
>>>
>>> Thanks & Regards,
>>> *S.Meruja* |Software Engineer | WSO2 Inc.
>>> (m) +94779650506 | Email: [email protected]
>>> Linkedin: https://www.linkedin.com/in/meruja
>>> Medium: https://medium.com/@meruja
>>> <http://wso2.com/signature>
>>> _______________________________________________
>>> Architecture mailing list
>>> [email protected]
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>
>
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
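
The scope-based ownership check discussed in the quoted messages above, as an added example that is not part of the original thread and is not WSO2 code. The mapping layout and its key names, the sample roles, and the choice to take the union of scopes across all of a user's roles are assumptions made for this example.

```python
import json

# Constructed sample of a scope-role mapping. The key names ("RESTAPIScopes",
# "Scope", "Name", "Roles") and the roles listed are assumptions for this example.
TENANT_CONF = json.loads("""
{
  "RESTAPIScopes": {
    "Scope": [
      {"Name": "apim:subscribe",      "Roles": "admin, Internal/subscriber, roleA"},
      {"Name": "apim:app_manage",     "Roles": "admin,Internal/subscriber,roleA"},
      {"Name": "apim:admin_settings", "Roles": "admin"},
      {"Name": "apim:api_view",       "Roles": "admin,roleB"}
    ]
  }
}
""")

# Scopes the thread names as the minimum for a new application owner.
OWNER_SCOPES = frozenset({"apim:subscribe", "apim:app_manage"})


def scopes_for_roles(conf, user_roles):
    """Return every scope mapped to at least one of the user's roles."""
    roles = {r.strip() for r in user_roles if r.strip()}
    granted = set()
    for entry in conf.get("RESTAPIScopes", {}).get("Scope", []):
        # Roles are stored as a comma-separated string; trim stray whitespace.
        mapped = {r.strip() for r in entry.get("Roles", "").split(",")}
        if roles & mapped:
            granted.add(entry["Name"])
    return granted


def missing_owner_scopes(conf, user_roles):
    """List the required owner scopes the user does not hold (sorted)."""
    return sorted(OWNER_SCOPES - scopes_for_roles(conf, user_roles))


def can_own_application(conf, user_roles):
    """Fail closed: eligible only when every required scope is granted."""
    return not missing_owner_scopes(conf, user_roles)
```

A user holding only the custom role `roleA` passes this check without having `Internal/subscriber`, which is the case a check against the default role name would reject.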