API Product Role Access - default value

Not applicable

We are using the DevConnect Limit API Product by Role module in the Hosted Drupal developer portal in order to control access to API Products based on developer role. Currently, when a new Product is created, it gets set to "All logged-in developers" by default in API Product Role Access. is there a way to change the default to be only the "internal" developers? The majority of our APIs will be internal only and I'd prefer not to have them inadvertently exposed publicly if someone forgets to change this setting in the Dev Portal after creating a new product.

Thanks!

Mike:o

Solved Solved
2 7 969
1 ACCEPTED SOLUTION

Hmm, looking at the code for this module, the default behavior you described is "hard coded" into the module code.

    if ($product_roles === FALSE) {
      // If product roles variable is not set, then set default of all logged
      // in developers having access.
      $product_roles = array(DRUPAL_AUTHENTICATED_RID => DRUPAL_AUTHENTICATED_RID);
    }
    else {
      // Variable was found, explode it.
      $product_roles = explode(',', $product_roles);
    }

This means... if an administrator hasn't fiddled with the checkboxes for the roles, then "all authenticated users" (all logged-in developers) will have access.

I think your request is a reasonable one, though. It ought to be possible for an admin to specify the default access for any new product. It shouldn't be hard to do.

Let me look into it a little more....

Edit

ok, I've produced a module that implements the same RBAC access for API Products, and also allows you to specify the default set of roles that will be able to see any new API Product. Find it here. Give it a try and see if it works for you.

View solution in original post

7 REPLIES 7

Hmm, looking at the code for this module, the default behavior you described is "hard coded" into the module code.

    if ($product_roles === FALSE) {
      // If product roles variable is not set, then set default of all logged
      // in developers having access.
      $product_roles = array(DRUPAL_AUTHENTICATED_RID => DRUPAL_AUTHENTICATED_RID);
    }
    else {
      // Variable was found, explode it.
      $product_roles = explode(',', $product_roles);
    }

This means... if an administrator hasn't fiddled with the checkboxes for the roles, then "all authenticated users" (all logged-in developers) will have access.

I think your request is a reasonable one, though. It ought to be possible for an admin to specify the default access for any new product. It shouldn't be hard to do.

Let me look into it a little more....

Edit

ok, I've produced a module that implements the same RBAC access for API Products, and also allows you to specify the default set of roles that will be able to see any new API Product. Find it here. Give it a try and see if it works for you.

@Anil Sagar - you may want to be aware. Also maybe @gkoli@apigee.com .

@Dino , Yes, I came across same question when ever i have used / asked to use above module. @Chris Novak , How can we fix same ? We would love to submit a pull request. Any help is appreciated regarding same.

Thanks Dino!

We're working on getting this installed into our Test portal for testing and will get back to you with results.

@Dino - We've installed the extended version of the module to our "dev" portal for testing and it seems to work well. Is this something that might find its way into the standard module, or should I consider deploying it to higher environments?

Hi Mike - sorry about the delay in responding. For now this is not included into the standard devportal distribution. You can use it anyway, just check the disclaimers in the README.

Thanks, we do have it deployed to our LIVE portal now. Hopefully at some point this will find its way into the standard module and we can convert back. In the mean time, it's working well.