{ Community }
  • Academy
  • Docs
  • Developers
  • Resources
    • Community Articles
    • Apigee on GitHub
    • Code Samples
    • Videos & eBooks
    • Accelerator Methodology
  • Support
  • Ask a Question
  • Spaces
    • Product Announcements
    • General
    • Edge/API Management
    • Developer Portal (Drupal-based)
    • Developer Portal (Integrated)
    • API Design
    • APIM on Istio
    • Extensions
    • Business of APIs
    • Academy/Certification
    • Analytics
    • Events
    • Hybrid
    • Integration (AWS, PCF, Etc.)
    • Microgateway
    • Monetization
    • Private Cloud Deployment
    • Insights
    • IoT Apigee Link
    • BaaS/Usergrid
    • BaaS Transition/Migration
    • Apigee-127
    • New Customers
    • Topics
    • Questions
    • Articles
    • Ideas
    • Leaderboard
    • Badges
  • Log in
  • Sign up

Get answers, ideas, and support from the Apigee Community

  • Home /
  • Developer Portal (Drupal-based) /
avatar image
4

SmartDocs role based access control  

  • Export to PDF
Chris Novak created · Jan 05, 2016 at 12:38 AM · 1.5k Views · edited · May 24, 2017 at 02:28 AM

You may want to read the content access overview before reading this document.

Overview

This article explains how you can add role based access control to the SmartDocs content in your Dev Portal.

For this example, we have the "Weather API" and "Petstore Example" SmartDocs models on our Dev Portal. We are going to add access control so that only users with the "pet store api" role can view the "Pet Store Example API" Smartdocs API documentation.

By default, when you click the APIs menu link on the site, you will see a listing of all published API models. You can see we have two API models published on the site:

If you click on either of the links above, it will display all the SmartDocs methods for each model. For this example, we are going to use the Taxonomy Access Control Drupal module to hide the "Pet Store Example API from anonymous and registered users, and create a new role in the system that we can give to users to allow them to view the "Pet Store Example API" documentation.

Each of the SmartDocs methods are called nodes in Drupal. The way we group each node to a model is by using Drupal taxonomy. If you log in as an admin to your site you can see there is a taxonomy vocabulary named "SmartDocs models" by clicking Structure > Taxonomy on the admin menu. If you click on "list terms", you will see that there is a term for each SmartDocs model:

If you click on "petstore_example", you will see the listing page of all the nodes (pages) associated with this taxonomy term.

The Taxonomy Access Control module allows us to associate a user role to each of these terms in order to only display these terms and associated nodes with specific roles.

We will now go through configuring this example step by step.

Step 1: Install and enable Taxonomy Access Control module

The Taxonomy Access Control module is not in our default Dev Portal release, so you will need to install the module first. Installing modules is not the scope of this article and there is a lot of information on how to do this on the Internet, but here is a quick overview:

  • If you are using Apigee cloud, you can add the module your site's code using Git, or use SFTP mode to upload the module.
  • If you are using our private cloud, use Drush to download the module (using the command "drush dl taxonomy_access") or download the module to your local computer, then scp it over to the sites/all/modules/contrib directory.

Once you have installed the module, as an admin go to Module in the admin bar, then search for the "Taxonomy Access Control". Enable it, then click "Save configuration on the bottom of the screen.

Rebuild permissions by going to: Reports -> Status report and clicking the "Rebuild Permissions" link under the Node Access Permissions row.

Step 2: Create a role to add users to that should see our Pet Store API documentation

Privileges in Drupal are not given to users directly, but to roles which users can have. To hide our documentation we need to create a role for the persons that have access to see the documentation.

As an admin, click on People > Permissions > Roles to view the current roles in the system. On the bottom of the page add a role named "pet store example api" and click "Add role":

Note that there are two default roles:

  • anonymous user: This role is given to anyone browsing the website who is not logged in.
  • authenticated user: This role is given to anyone logged in.

Step 3: Configure Taxonomy Access Control

We now need to configure the Taxonomy Access Control module, denying permission for "anonymous user" and authenticated users from viewing the Pet Store Example documentation, and granting access for anyone in the "petstore example api" role to view it.

Click on Configuration > People > Taxonomy access control, and you will now see a page listing the each role:

First, let's configure the anonymous user role to not view the Pet Store documentation.

  1. Click on "Configure" next to "anonymous user".
  2. Make sure the "Global default" has "View" set to "Allow", and "View Tag" is set to "Allow".
  3. Click on "Add vocabulary", select "SmartDocs models", then click "Add".
  4. Set the "SmartDocs models" default "View" to "Ignore" and set the "View Tag" to "Allow". This will make sure that by default all models can be viewed.
  5. Now, let's deny the Pet Store model by denying access. Click "Add term", pick "petstore_example" from the dropdown, change "View" to "Deny" and "View Tag" to "Deny".

Click "Save all" on the bottom of the screen.

This image should make it more clear of what the access rules should look like for anonymous user once you are done:

If you open up the API list on your site in a browser where you are not logged in, you should no longer see the Petstore Example API:

Now that we have the anonymous users properly configured, we need to do the same for authenticated users and users who have our new "pet store example api" role. Let's start with authenticated users:

  1. Click on Configuration > People > Taxonomy access control
  2. Click on "Configure" next to "authenticated user".
  3. Make sure the "Global default" has "View" set to "Allow", and "View Tag" is set to "Allow".
  4. Click on "Add vocabulary", select "SmartDocs models", then click "Add".
  5. Set the "SmartDocs models" default "View" to "Ignore" and set the "View Tag" to "Allow". This will make sure that by default all models can be viewed.
  6. Now, let's deny the Pet Store model by denying access to authenticated users. Click "Add term", pick "petstore_example" from the dropdown, change "View" to "Deny" and "View Tag" to "Deny".
  7. Click "Save all" on the bottom of the screen.

This image should make it more clear of what the access rules should look like for authenticated user once you are done:

If you open up the API list on your site in a browser where you are logged in, you should no longer see the Petstore Example API. Make sure to use a user that does not have an administrator or any other role.

OK, one more to go, we will now configure the "pet store example api" role:

  1. Click on Configuration > People > Taxonomy access control
  2. Click on "Configure" next to "pet store example api", and enable it if asked.
  3. Make sure the "Global default" has "View" set to "Allow", and "View Tag" is set to "Allow".
  4. Click on "Add vocabulary", select "SmartDocs models", then click "Add".
  5. Set the "SmartDocs models" default "View" to "Ignore" and set the "View Tag" to "Allow". This will make sure that by default all models can be viewed.

Since we do not need to deny access to any SmartDocs models for this role, we do not need to add and configure the "petstore_example" term.

Click "Save all" on the bottom of the screen. This image should make it more clear of what the access rules should look like for "pet store example api" role once you are done:

I hope this helps you understand how to configure access control for SmartDocs. You should not be able to understand how you can modify and change this example to suit your own needs.

More Resources

  • Taxonomy Access Control Module page
  • Taxonomy Access Control Documentation Page
  • Drupal taxonomies documentation
screen-shot-2016-01-05-at-70222-pm.png (48.4 kB)
screen-shot-2016-01-06-at-112901-am.png (65.5 kB)
screen-shot-2016-01-07-at-95252-am.png (80.0 kB)
1740-screen-shot-2016-01-05-at-70222-pm.png (48.4 kB)
1740-screen-shot-2016-01-05-at-70222-pm.png (48.4 kB)
thub.nodes.view.add-new-comment
Portal - DrupalSmartDocs
Add comment Show 2
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Satyendra Srivastava · Feb 12, 2018 at 04:27 PM 0
Link

@Chris Novak, @Anil Sagar

Hi

I got reference to this documentation while searching for role based access for API's in Dev Portal. We are on private cloud installation and I was trying to download taxonomy_access module as mentioned in this documentation. It sounds to me we are on higher version of drupal and this download is not available for us. Is this functionality is already included in apigee 4.17.05 installation? Here is the output of the commands to download.

--------------------

# drush version

Drush Version : 8.1.11

----------------

# drush dl taxonomy_access

No release history available for taxonomy_access 8.x. [error]

Could not download requested project(s). [error]

---------------

Is there any other way to achieve this functionality? I don't want Anonymous users to send request to API's listed in smartdocs. Once they login to Devportal they can try the operations and send requests.

avatar image Chris Novak ♦ Satyendra Srivastava · Feb 12, 2018 at 07:55 PM 0
Link

@Satyendra Srivastava, if you are in the webroot of your install it should pull the correct version of the module and place it in sites/all/modules/contrib for you. If you are not in the webroot of your Drupal install it will just download the module to that directory and you will need to install it.

Try using "drush dl taxonomy_access-7.x", since you are running Drupal 7 not Drupal 8, and make sure to put the module in the sites/all/modules/contrib directory.

More info on installing modules: https://www.drupal.org/docs/7/extend/installing-modules

More info on drush dl: https://drushcommands.com/drush-8x/pm/pm-download/

Article

Contributors

avatar image avatar image
Follow

Follow this article

8 People are following this .

avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image

Navigation

SmartDocs role based access control

Related Articles

Content Access Control on Developer Portal SmartDocs Documentation

Documenting SOAP APIs on Devportal using the WSDL Docs Module - New Release

APIs for publishing SmartDocs on Developer Portal

Documenting SOAP APIs on Devportal using the WSDL Docs Module

How to customize SmartDocs so that I can test against different environments from the same page

SmartDocs - A custom module to your rescue - Fix for SmartDocs issues

SmartDocs and Swagger UI - A Comparison

How to add a left nav to SmartDocs Method page to list all operations of the current model

Apigee Developer Portal - Go Live Check List

Exception thrown while creating Smart Docs using JSON

  • Products
    • Edge - APIs
    • Insights - Big Data
    • Plans
  • Developers
    • Overview
    • Documentation
  • Resources
    • Overview
    • Blog
    • Apigee Institute
    • Academy
    • Documentation
  • Company
    • Overview
    • Press
    • Customers
    • Partners
    • Team
    • Events
    • Careers
    • Contact Us
  • Support
    • Support Overview
    • Documentation
    • Status
    • Edge Support Portal
    • Privacy Policy
    • Terms & Conditions
© 2019 Apigee Corp. All rights reserved. - Apigee Community Terms of Use - Powered by AnswerHub
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Create an article
  • Post an idea
  • Spaces
  • Product Announcements
  • General
  • Edge/API Management
  • Developer Portal (Drupal-based)
  • Developer Portal (Integrated)
  • API Design
  • APIM on Istio
  • Extensions
  • Business of APIs
  • Academy/Certification
  • Analytics
  • Events
  • Hybrid
  • Integration (AWS, PCF, Etc.)
  • Microgateway
  • Monetization
  • Private Cloud Deployment
  • Insights
  • IoT Apigee Link
  • BaaS/Usergrid
  • BaaS Transition/Migration
  • Apigee-127
  • New Customers
  • Explore
  • Topics
  • Questions
  • Articles
  • Ideas
  • Members
  • Badges