Update for removed check for privilege escalation for creating a user and editing assigned roles (#127)

* docs: error response when external auth is enabled

In this case, the external authentication system is used to manage password changes.

* style: fix semantic issues

* edit error message

Co-authored-by: madeline-brennan <85683928+madeline-brennan@users.noreply.github.com>

* edit error message

Co-authored-by: madeline-brennan <85683928+madeline-brennan@users.noreply.github.com>

* edit doc comment

Co-authored-by: madeline-brennan <85683928+madeline-brennan@users.noreply.github.com>

* doc: adjust error message for removed privilege escalation

* doc: move response to appropriate area

* doc: update description

* doc: delete error response

* refactor: group status response

---------

Co-authored-by: Patrick Nyakoria <patrick.nyakoria@acrolinx.com>
Co-authored-by: madeline-brennan <85683928+madeline-brennan@users.noreply.github.com>
3 people committed Jul 4, 2023
1 parent 9c217de commit 456e38e
Showing 1 changed file with 23 additions and 54 deletions.
77 changes: 23 additions & 54 deletions apiary.apib
Expand Up @@ -2235,19 +2235,6 @@ For Core Platform versions 2021.05 to 2022.02, the following apply:
}
}

+ Response 403 (application/json)

// when you can't assign privileges you don't have when you create users
{
"links": {},
"error": {
"detail": "It's not possible to make these changes. You can only create or edit a user with privileges that also apply to your user account.",
"type": "insufficientPrivileges",
"title": "Insufficient privileges",
"status": 403
}
}

+ Response 409 (application/json)

// when the user was created more than once
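Review bot: With this 403 deleted, the create-user endpoint in this region no longer documents any response for a caller who tries to grant privileges they do not hold, and the only prose change in this diff is to the edit-user description at -3178 (the "You can only grant privileges that you yourself have" sentence); the create-user description is not touched. Please check whether the create-user description carries the same sentence and either update it to the Super Administrator rule or add a 403 example here matching the one introduced later in this commit.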
Expand Down Expand Up @@ -2698,6 +2685,17 @@ For Core Platform versions 2021.05 to 2022.02, the following apply:
}
}

// when you can't assign Super Administrator role because you don't have the Super Administrator role when you create users
{
"links": {},
"error": {
"detail": "It's not possible to make these changes. You need Super Administrator role to create or edit a user with this role.",
"type": "insufficientPrivileges",
"title": "Insufficient privileges",
"status": 403
}
}

+ Response 409 (application/json)

// when the same user was created more than once
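Review bot: The new detail text "You need Super Administrator role to create or edit a user with this role." drops the article; suggest "You need the Super Administrator role to create or edit a user with this role." Since this example is inserted after the closing braces of an existing response body rather than under its own "+ Response 403" line, also confirm that the enclosing response in this section is the 403 response and not a success response, so the example renders under the right status code.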
Expand Down Expand Up @@ -3146,20 +3144,6 @@ For Core Platform versions 2021.05 to 2022.02, the following apply:
}
}

+ Response 403 (application/json)

// when external authentication is enabled, you shouldn't be able to change the password through the API
{
"links": {},
"error": {
"reference": "82a781cb-059a-4039-a17d-af8e20bec019",
"detail": "The user isn't allowed to change the password.",
"type": "passwordChangeForbidden",
"title": "Password change is not allowed",
"status": 403
}
}

+ Response 404 (application/json)

// when the user couldn't be identified by its *id* in the database
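Review bot: The passwordChangeForbidden 403 that the first commit-message bullet ("docs: error response when external auth is enabled") introduced is deleted here and nothing in this diff re-adds it, so the behaviour when external authentication manages passwords ends up undocumented in this file. If the "doc: move response to appropriate area" step moved it somewhere outside these hunks, a pointer in the endpoint description would help; otherwise this deletion undoes what the bullet set out to document.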
Expand All @@ -3178,7 +3162,7 @@ For Core Platform versions 2021.05 to 2022.02, the following apply:

You can update a user's role.
In this example, only the `roles` attribute will change for the user `fred`. This was identified in the database by its *id*. Each user needs at least one assigned role. This doesn't apply to built-in users. You can only grant privileges that you yourself have (privilege escalation). If you add a role that doesn't exist, the call will fail and the error message will show the unknown roles that were referenced.
In this example, only the `roles` attribute will change for the user `fred`. This was identified in the database by its *id*. Each user needs at least one assigned role. This doesn't apply to built-in users. You can only assign Super Administrator role if you have Super Administrator role. If you add a role that doesn't exist, the call will fail and the error message will show the unknown roles that were referenced.

+ Headers
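Review bot: The replacement sentence "You can only assign Super Administrator role if you have Super Administrator role." needs articles ("the Super Administrator role"), and because the sentence it replaces told readers they could only grant privileges they themselves hold, it should state the new rule explicitly, for example: "Only the Super Administrator role requires that you hold it yourself; other roles are not restricted by your own roles." (if that is the intended behaviour). Readers who relied on the old restriction need to see that it no longer applies.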

Expand Down Expand Up @@ -3288,6 +3272,17 @@ For Core Platform versions 2021.05 to 2022.02, the following apply:
}
}

// when you can't assign Super Administrator role because you don't have the Super Administrator role when you edit users
{
"links": {},
"error": {
"detail": "It's not possible to make these changes. You need Super Administrator role to create or edit a user with this role.",
"type": "insufficientPrivileges",
"title": "Insufficient privileges",
"status": 403
}
}

+ Response 409 (application/json)

// when you try to update a built-in user
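Review bot: The comment line "// when you can't assign Super Administrator role because you don't have the Super Administrator role when you edit users" repeats the create-user comment with one word changed; shorter and in the style of the other examples in this file would be "// when you assign the Super Administrator role without holding it yourself". The detail text is identical to the create-user example, which is fine, but the missing article in "You need Super Administrator role" applies here as well.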
Expand Down Expand Up @@ -3517,19 +3512,6 @@ For Core Platform versions 2021.05 to 2022.02, the following apply:
}
}

+ Response 403 (application/json)

// when you can't assign privileges you don't have when you edit users
{
"links": {},
"error": {
"detail": "It's not possible to make these changes. You can only create or edit a user with privileges that also apply to your user account.",
"type": "insufficientPrivileges",
"title": "Insufficient privileges",
"status": 403
}
}

+ Response 404 (application/json)

// when a role wasn't found in the database based on its *id*
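Review bot: This hunk deletes the whole "+ Response 403" block for this edit endpoint and the diff adds no Super Administrator example in its place, unlike the endpoint at +3272. If this endpoint can still return 403 when a caller without the Super Administrator role assigns that role, the new example should be added here too; if it no longer returns 403 at all, the description above it should say so.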
Expand Down Expand Up @@ -3682,19 +3664,6 @@ For Core Platform versions 2021.05 to 2022.02, the following apply:
}
}

+ Response 403 (application/json)

// when you can't assign privileges you don't have when you edit users
{
"links": {},
"error": {
"detail": "It's not possible to make these changes. You can only create or edit a user with privileges that also apply to your user account.",
"type": "insufficientPrivileges",
"title": "Insufficient privileges",
"status": 403
}
}

+ Response 404 (application/json)

// when a role wasn't found in the database based on its *id*
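Review bot: Same concern as for the block removed at -3517: the 403 for this edit endpoint is deleted outright with no replacement, so the Super Administrator restriction ends up documented for only one of the edit paths. Either add the matching 403 example here or confirm that this endpoint cannot assign roles and therefore never returns insufficientPrivileges.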
