Please Note This forum exists for community support for the Mango product family and the Radix IoT Platform. Although Radix IoT employees participate in this forum from time to time, there is no guarantee of a response to anything posted here, nor can Radix IoT, LLC guarantee the accuracy of any information expressed or conveyed. Specific project questions from customers with active support contracts are asked to send requests to support@radixiot.com.

Radix IoT Website Mango 3 Documentation Website Mango 4 Documentation Website

API permissions - User who has permission on DataSource cannot create Datapoint to that source.


  • A attempt will be awarded a 422 http code. "Must retain permission". Not a 401 "Not Authorized". So perhaps I am missing something.

    I am not sure if this makes sense. If the admin chooses to give a user edit access to a DataSource, it seems logical that that user should also be able to create DataPoints. If the admin is concerned with DataSource security, the admin should not give the user edit permission to the DataSource, but only to DataPoints.


  • What version of mango are you using?
    I've got users who have edit access to virtual datasources and are able to create their own points/save tags etc on the fly.

    Fox


  • Fox. Running Core 3.7.3.

    Admin creates new USER. Admin creates DataSource and gives READ and WRITE access to new user ONLY for that DataPoint.

    New USER can EDIT DataSource, but cannot create DataPoints .Both through GUI and API with JWT.

    Once Admin Creates a new DataPoint for that DataSource new user can edit that DataPoint.

    The intent of Permission to a DataSource works correctly after Admin has created one and assigned read/write permissions for that DataSource to a User, that User has edit/set ability to all DataPoints of that DataSource without that user having explicit read/write permission to those DataPoints. I guess permission inheritance works for this.


  • @balistar Correct, you need edit permissions for a Datasource for a user because what they are doing is amending the datasource in the order of its points. The read/edit permissions for points more directly relate to point values rather than amending the points themselves.


  • Thanks for your fast response.

    I am probably missing something.

    New DataSource created by Admin. User (emon3175585) given permission to edit the DataSource.

    0_1581985065225_Image 127.jpg

    Yet, when user (emon3175585) logs in, the user cannot create new DataPoint.

    0_1581985190960_Image 128.jpg


  • @balistar said in API permissions - User who has permission on DataSource cannot create Datapoint to that source.:

    emon3175585

    Your user emon3175585
    must have permission emon3175585 assigned to it for it to work.

    Fox


  • Naturally. But that was set already:

    0_1581992332387_Image 129.jpg


  • Strange the lack of role would explain the error...
    console is still giving you the same exact error??


  • There is no console error because there is no SAVE button to press.

    Using the API with JWT issued to user emon3175585:

    curl --location --request POST 'http://xx.xx.xx.xx:8080/rest/v2/data-points' \
    --header 'Content-Type: application/json' \
    --header 'Authorization: Bearer eyJhbGciOiJFUzUxMiJ9.eyJzdWIiOiJlbW9uMzE3NTU4NSIsImV4cCI6MTU4MTk5NjgxMywiaWQiOjQsInYiOjEsInR5cCI6ImF1dGgifQ.AClqeOT6yAQCjGMYfXaMlDVgAcVOftGy3TSCrjxWat-Iz2yFut5nP4wntnE1xas3VtieFbxVwffbhmXwngPhHi8VAEFPPoaCD11unJ5_VTVWJkwnx73Eq8L2sbI9abLVM_CXXXXXXXXXXXXXX' \
    --data-raw '{
      "name": "test12-test2",
      "xid": "test12-test2",
      "dataSourceXid" : "test12",
      "pointLocator" : {
           "startValue" : "0",
           "modelType" : "PL.VIRTUAL",
           "dataType" : "NUMERIC",
           "settable" : true,
           "changeType" : "NO_CHANGE",
           "max": 100,
           "maxChange": 0.01,
           "min": 0
        }
    }'
    

    Results in error: 422 Unprocessable Entity

    {
      "result": {
        "messages": [
          {
            "level": "ERROR",
            "message": "Must retain permission",
            "property": "readPermission"
          },
          {
            "level": "ERROR",
            "message": "Must retain permission",
            "property": "setPermission"
          }
        ]
      },
      "mangoStatusCode": 4002,
      "mangoStatusName": "VALIDATION_FAILED",
      "localizedMessage": "Validation failed"
    }
    

  • I see now, I think you're missing properties!
    If you go to the swagger ui and pull a point by it's xid for an example, use that as a foundation and make your amendments, then fire that back in.
    EDIT: at least add your user to have read only permission or else it cannot pull it through,

    Fox


  • Thanks. My goal is to keep the API request JSON as small as possible, so I omitted as much as possible to the POST request to create a DP. Too much.

    You are right.

      "readPermission":"emon3175585",
      "setPermission":"emon3175585",
    

    needed to be added.

    {
      "name": "test12-test2",
      "xid": "test12-test2",
      "dataSourceXid" : "test12",
      "readPermission":"emon3175585",
      "setPermission":"emon3175585",
      "pointLocator" : {
           "startValue" : "0",
           "modelType" : "PL.VIRTUAL",
           "dataType" : "NUMERIC",
           "settable" : true,
           "changeType" : "NO_CHANGE",
           "max": 100,
           "maxChange": 0.01,
           "min": 0
        }
    }
    

    My concern is the API, so that is solved.

    The GUI DP creation permission may still have a problem as there is no SAVE button.


  • Save is a private call inside mango's mangoUI.
    You may as well use a controller, create a new point instance from the maPoint service, amend all of the values you need, then call

    myNewPoint.$save(); //this is a post call
    

    For amendments use

    myNewPoint.$update(); //this is a put call
    

    Attach those function calls to your own buttons, unless you're saying you're still having issues with the UI....


  • No need for MangoUI other than now and then do Admin stuff, We use our own Dashboards.

    0_1581995259249_Image 130.jpg

    The API will be used in device on-boarding. Admin creates User, JWT, DataSource (device). Sets new user role to DataSource. This info will be set in device, which creates its own DataPoints (15 to 50) and uploads measuring data to the system from then on.

    The JWT is not ideal from a security stand point, but good enough got us at the moment.

    0_1581995701589_Image 131.jpg


  • Looks like you've got it sorted, nicely done.