Details
-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
6.2.2, 6.2.3
-
1
-
Severity 3 - Minor
-
0
-
Description
Summary
Bamboo REST API documentation are missing information about body request, so developers/users attempting on running them can struggle on providing permissions.
Steps to Reproduce
/permissions/environment/{id}/groups/{name : (.+)?}
resource-wide template parameters
parameter | value | description |
---|---|---|
name | string | affected group |
id | string | deployment environment entity key |
Attempt on running any of the following endpoint:
curl -k -u ADMIN_USER:PASSWORD \ -H "Content-type: application/json" \ -H "Accept: application/json" \ -X DELETE http://myhost.com:8085/bamboo/rest/api/latest/permissions/environment/{id}/groups/{name : (.+)?}
Project Plan
http://myhost.com:8085/bamboo/rest/api/latest/permissions/projectplan/{key}/users/{name : (.+)?} [PUT, DELETE] http://myhost.com:8085/bamboo/rest/api/latest/permissions/projectplan/{key}/groups/{name : (.+)?} [PUT, DELETE] http://myhost.com:8085/bamboo/rest/api/latest/permissions/projectplan/{key}/roles/{name : (.+)?} [PUT, DELETE]
Plan
http://myhost.com:8085/bamboo/rest/api/latest/permissions/plan/{key}/users/{name : (.+)?} [PUT, DELETE] http://myhost.com:8085/bamboo/rest/api/latest/permissions/plan/{key}/groups/{name : (.+)?} [PUT, DELETE] http://myhost.com:8085/bamboo/rest/api/latest/permissions/plan/{key}/roles/{name : (.+)?} [PUT, DELETE]
Repository
http://myhost.com:8085/bamboo/rest/api/latest/permissions/repository/{id}/users/{name : (.+)?} [PUT, DELETE] http://myhost.com:8085/bamboo/rest/api/latest/permissions/repository/{id}/groups/{name : (.+)?} [PUT, DELETE] http://myhost.com:8085/bamboo/rest/api/latest/permissions/repository/{id}/roles/{name : (.+)?} [PUT, DELETE]
Project
http://myhost.com:8085/bamboo/rest/api/latest/permissions/global/users/{name : (.+)?} [PUT, DELETE] http://myhost.com:8085/bamboo/rest/api/latest/permissions/global/groups/{name : (.+)?} [PUT, DELETE] http://myhost.com:8085/bamboo/rest/api/latest/permissions/global/roles/{name : (.+)?} [PUT, DELETE]
Environment
http://myhost.com:8085/bamboo/rest/api/latest/permissions/environment/{id}/users/{name : (.+)?} [PUT, DELETE] http://myhost.com:8085/bamboo/rest/api/latest/permissions/environment/{id}/groups/{name : (.+)?} [PUT, DELETE] http://myhost.com:8085/bamboo/rest/api/latest/permissions/environment/{id}/roles/{name : (.+)?} [PUT, DELETE]
Deployment
http://myhost.com:8085/bamboo/rest/api/latest/permissions/deployment/{id}/users/{name : (.+)?} [PUT, DELETE] http://myhost.com:8085/bamboo/rest/api/latest/permissions/deployment/{id}/groups/{name : (.+)?} [PUT, DELETE] http://myhost.com:8085/bamboo/rest/api/latest/permissions/deployment/{id}/roles/{name : (.+)?} [PUT, DELETE]
Expected Results
Error being thrown because no permission for deletion was passed
Actual Results
No error gets thrown or a warning message stating no permission was passed
Notes
Permission @RequestBody final List<String> permissionsToRemove should be passed on as list, e.g:
["READ","BUILD","WRITE"]
As a result, the REST API call in example given should be:
curl -k -u ADMIN_USER:PASSWORD \ -H "Content-type: application/json" \ -H "Accept: application/json" \ -d '["READ","BUILD","WRITE"]' -X DELETE http://myhost.com:8085/bamboo/rest/api/latest/permissions/environment/{id}/groups/{name : (.+)?}