Skip to content
This repository has been archived by the owner on Feb 14, 2020. It is now read-only.

unsetting ACLs from (new) REST API doesn't work #569

Closed
baszoetekouw opened this issue Mar 6, 2015 · 1 comment
Closed

unsetting ACLs from (new) REST API doesn't work #569

baszoetekouw opened this issue Mar 6, 2015 · 1 comment
Assignees

Comments

@baszoetekouw
Copy link
Contributor

I'm trying to remove an ACL by using the REST API. The current connection looks like this:

curl -u user:pass -H "Content-type: application/json" --data-binary '' -v -X GET https://serviceregistry.surfconext.nl/janus/app.php/api/connections/1995.json

gives

{
    "allowAllEntities": false,
    "allowedConnections": [
        {
            "id": 490,
            "name": "https://my-acc.utsp.utwente.nl/shibboleth"
        }
    ],
...

I'm trying to reset this using:

curl -u user:pass -H "Content-type: application/json" --data-binary '{ "allowedConnections": [] }' -v -X PUT https://serviceregistry.surfconext.nl/janus/app.php/api/connections/1995.json

This results in a "201 Created", but the ACLs are unchanged:

{
    "allowAllEntities": false,
    "allowedConnections": [
        {
            "id": 490,
            "name": "https://my-acc.utsp.utwente.nl/shibboleth"
        }
    ],
...

I would expect the allowedConnections list to be empty, instead.

Similarly, when the allowedConnections has multiple entries:

{
    "allowAllEntities": false,
    "allowedConnections": [
        {
            "id": 490,
            "name": "https://my-acc.utsp.utwente.nl/shibboleth"
        },
        {
            "id": 532,
            "name": "https://data.3tu.nl/saml/metadata"
        },
        {
            "id": 1046,
            "name": "https://attribute-viewer.aai.switch.ch/shibboleth"
        },
        {
            "id": 1047,
            "name": "https://attribute-viewer.aai.switch.ch/interfederation-test/shibboleth"
        }
    ],
...

Now, trying to replace this list by a single entry using

curl -u user:pass -H "Content-type: application/json" --data-binary '{ "allowedConnections": [{"id": 1709}] }' -v -X PUT https://serviceregistry.surfconext.nl/janus/app.php/api/connections/1995.json

gives

{
    "allowAllEntities": false,
    "allowedConnections": [
        {
            "id": 532,
            "name": "https://data.3tu.nl/saml/metadata"
        },
        {
            "id": 1046,
            "name": "https://attribute-viewer.aai.switch.ch/shibboleth"
        },
        {
            "id": 1047,
            "name": "https://attribute-viewer.aai.switch.ch/interfederation-test/shibboleth"
        },
        {
            "id": 1709,
            "name": "https://smartsecureyourself.mindgame.eu"
        }
    ],
...

So, randomly one of the entities in the ACL list was replaced by the new one I specified...

I would expect a PUT request with a allowedConnections list would replace the entire list (even if it is empty), regardless of the original list.

@baszoetekouw
Copy link
Contributor Author

Verified on test2

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

3 participants