Skip to content

Rest api to reset permissions for an asset [#33914] #33915

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
hassandotcms wants to merge 24 commits into
base: main
Choose a base branch
from
Open

Rest api to reset permissions for an asset [#33914] #33915

hassandotcms wants to merge 24 commits into from

Conversation

@hassandotcms
Copy link
Contributor

@hassandotcms hassandotcms commented Nov 25, 2025
edited by github-actions bot
Loading

Proposed Changes

  • Reset API: PUT /api/v1/permissions/{assetId}/_reset removes individual permissions, making asset inherit from parent
  • Idempotency: Returns 409 Conflict if asset already inherits; includes previousPermissionCount in response
  • Admin-only: Restricted to admin users for safety

Checklist

  • Tests
  • Translations
  • Security Implications Contemplated (add notes if applicable)

Additional Info

** any additional useful context or info **

Screenshots

Original Updated
** original screenshot ** ** updated screenshot **

This PR fixes: #33914

@hassandotcms
modernize(permissions): rest api for get asset permissions (#33835)
0d3efd0 
1. New GET /permissions/{assetId} endpoint - View asset permissions with pagination, supporting all permissionable types (folders, hosts, contentlets, etc.)
2. Permission helper infrastructure - Added AssetPermissionHelper for building responses and ResponseEntityAssetPermissionsView for typed API responses, integrated via CDI
3. Documentation and tests - OpenAPI spec updates and comprehensive Postman test suite covering happy paths, pagination, validation, and error cases
@hassandotcms
Merge branch 'main' of https://github.com/dotCMS/core into 33912-rest…
66a71c4 
…-api-to-update-asset-permissions
@hassandotcms
modernize(permissions): rest api to update asset permission (#33912)
eb4c95b 
- PUT /api/v1/permissions/{assetId} - REST endpoint to save/update asset permissions (admin-only)
- Auto-breaks inheritance when saving on inheriting asset, supports ?cascade=true for async propagation
- Returns message, permissionCount, inheritanceBroken, and updated asset object
@hassandotcms
modernize(permissions): api to reset asset permission (#33914)
23eb435 
- Reset API: PUT /api/v1/permissions/{assetId}/_reset removes individual permissions, making asset inherit from parent
- Idempotency: Returns 409 Conflict if asset already inherits; includes previousPermissionCount in response
- Admin-only: Restricted to admin users for safety
@hassandotcms hassandotcms linked an issue Nov 25, 2025 that may be closed by this pull request
[TASK] Add rest api to reset permissions for an asset #33914
Open
@github-actions github-actions bot mentioned this pull request Nov 25, 2025
Open
@hassandotcms
Merge branch 'main' of https://github.com/dotCMS/core into 33835-view…
7ce68b6 
…-get-asset-permissions
@hassandotcms
modernize(permissions): get assets rest api. #33835
48ede67 
- fix constructor calls
@hassandotcms
Merge branch 'main' of https://github.com/dotCMS/core into 33835-view…
eef21c3 
…-get-asset-permissions
@hassandotcms
modernize(permissions): rest api to get asset permissions #33835
eee1c9a 
- use immutables for views
- use established paginator pattern to return paginated results
- refactor assetPermissionHelper and return typed views.
@hassandotcms
fix postman tests. #33835
1b80f3e
@hassandotcms
Merge branch '33835-view-get-asset-permissions' into 33912-rest-api-t…
5c7e249 
…o-update-asset-permissions
@hassandotcms
modernize(permissions): rest api to update asset permissions. #33912
e9b3be1 
- integration tests added for PUT /permissions/{assetId} - basic update, validation errors, inheritance breaking, security checks
- Pattern alignment - forms extend Validated with checkValid(), typed immutable response views, OpenAPI spec updates
@hassandotcms
- use enums for fixed strings.
d0cd079 
- refactor and use permissionUtils and enums where applicable.
- fix integration tests.
@hassandotcms
Merge branch 'main' of https://github.com/dotCMS/core into 33835-view…
1226f1f 
…-get-asset-permissions
@hassandotcms
- make Scope enum public.
cec9e22
@github-actions
Copy link

github-actions bot commented Dec 26, 2025

This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 7 days.

@github-actions github-actions bot added the stale label Dec 26, 2025
@github-actions
Copy link

github-actions bot commented Jan 2, 2026

This PR was closed because it has been stalled with no activity.

@github-actions github-actions bot closed this Jan 2, 2026
@hassandotcms hassandotcms removed the stale label Jan 3, 2026
@hassandotcms hassandotcms reopened this Jan 3, 2026
@hassandotcms
Merge branch 'main' into 33835-view-get-asset-permissions
d20c32e
@hassandotcms
Merge branch '33835-view-get-asset-permissions' into 33912-rest-api-t…
a97a6aa 
…o-update-asset-permissions
@hassandotcms
improved the test to verify actual permission persistence (response +…
95c93a9 
… PermissionAPI)
@hassandotcms
Merge branch '33912-rest-api-to-update-asset-permissions' into 33914-…
c6dff3f 
…rest-api-to-reset-permissions-for-an-asset
@hassandotcms
modernize(permissions): rest api to reset permissions #33914
c31d114 
- Refactored reset permissions endpoint to use typed @Value.Immutable view class instead of Map<String, Object>, matching the pattern used by updateAssetPermissions.
@hassandotcms hassandotcms marked this pull request as ready for review January 5, 2026 13:39
dario-daza
dario-daza reviewed Jan 8, 2026
View reviewed changes
dotcms-postman/src/main/resources/postman/Permission_Resource.postman_collection.json
"request": {
"auth": {
"type": "basic",
"basic": [
Copy link
Contributor

@dario-daza dario-daza Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Most of our collections configure authentication at the collection level. This prevents you from having to repeat the auth settings for every individual request.

You can check PagesResourceTests.json for a reference on how this is structured:

"auth": {
    "type": "bearer",
    "bearer": [
      {
        "key": "token",
        "value": "{{jwt}}",
        "type": "string"
      }
    ]
  },

Note that you will likely also need a Pre-request Script at the collection level to generate and assign the {{jwt}} variable.

jcastro-dotcms
jcastro-dotcms requested changes Jan 8, 2026
View reviewed changes
dotCMS/src/main/java/com/dotcms/rest/api/v1/system/permission/AssetPermissionHelper.java
} catch (Exception e) {
Logger.warn(this, String.format(
"Failed to trigger cascade for role %s: %s",
roleForm.getRoleId(), e.getMessage()));
Copy link
Contributor

@jcastro-dotcms jcastro-dotcms Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the method failed to cascade permissions, we need to call a method similar to buildUpdateResponse and set an error message indicating so.

dotCMS/src/main/java/com/dotcms/rest/api/v1/system/permission/PermissionResource.java

// Verify user is admin
if (!user.isAdmin()) {
Logger.warn(this, String.format(
Copy link
Contributor

@jcastro-dotcms jcastro-dotcms Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If not being an admin throws an exception, this should be Logger.error

dotCMS/src/main/java/com/dotcms/rest/api/v1/system/permission/PermissionResource.java

// Verify user is admin
if (!user.isAdmin()) {
Logger.warn(this, String.format(
Copy link
Contributor

@jcastro-dotcms jcastro-dotcms Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If not being an admin throws an exception, this should be Logger.error

nollymar
nollymar reviewed Jan 8, 2026
View reviewed changes
...rc/test/java/com/dotcms/rest/api/v1/system/permission/PermissionResourceIntegrationTest.java
// Note: With enum types, null values may be filtered by Jackson or cause
// NullPointerException during bit conversion. The test validates the form
// handles this gracefully.
} catch (BadRequestException | NullPointerException e) {
Copy link
Contributor

@nollymar nollymar Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does it expect a NullPointer or a BadRequest exception? I don't see how the expected output might be different if we always use the same test with the same input and the Jackson version is always the same

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nollymar nollymar nollymar left review comments

@dario-daza dario-daza dario-daza left review comments

@jcastro-dotcms jcastro-dotcms jcastro-dotcms requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[TASK] Add rest api to reset permissions for an asset

5 participants

@hassandotcms @nollymar @jcastro-dotcms @dario-daza