Skip to content

MODEXPW-635 - Add request permissions to retrieve user and contributor name types #380

Open
markusweigelt wants to merge 1 commit into
masterfrom
MODEXPW-635
Open

MODEXPW-635 - Add request permissions to retrieve user and contributor name types #380
markusweigelt wants to merge 1 commit into
masterfrom
MODEXPW-635

Conversation

@markusweigelt

@markusweigelt markusweigelt commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

MODEXPW-635 - Add request permissions to retrieve user and contributor name types

Purpose

The order-email template context added in mod-data-export-worker (OrderEmailContextMapper) makes two new by-id item GETs — GET users/{id} and GET contributor-name-types/{id} - to resolve the order's createdByUser and the contributors' name types. The worker runs the EDIFACT orders export under the token/permissions granted by mod-data-export-spring, which did not permit either call, so both would fail with 403 at runtime.

Approach

  • Add users.item.get and inventory-storage.contributor-name-types.item.get to descriptors/ModuleDescriptor-template.json, mirroring the existing inventory-storage.identifier-types.item.get placement.
  • Both perms are granted in all four relevant blocks: the POST /data-export-spring/jobs and POST /data-export-spring/jobs/send handler modulePermissions, the visible data-export.edifact.orders.create permissionSet, and the system user's user.permissions.

Grant users.item.get and inventory-storage.contributor-name-types.item.get
on the POST /jobs and /jobs/send handlers, the system user, and
system-user-permissions.csv, so the worker can resolve createdByUser and
contributor name types when building the EDIFACT order-email context.
@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant