Role based access in Shiksha saathi user tabs #87

Open
Shruti3004 opened this issue Nov 1, 2022 · 2 comments
Labels
bug Something isn't working

Comments

@Shruti3004 (Member)

Description

Some roles are not returning proper data on hitting the API.

How to reproduce

This is the list of curl requests which are returning improper data:

  • CHT(P)/CRCC(P)

curl 'http://157.245.107.167:3005/admin/searchUser?startRow=0&numberOfResults=10&queryString=(registrations.roles:CHT(P)/CRCC(P))&applicationId=1ae074db-32f3-4714-a150-cc8a370eafd1' \
  -X 'OPTIONS' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en-GB,en-US;q=0.9,en;q=0.8' \
  -H 'Access-Control-Request-Headers: authorization,content-type' \
  -H 'Access-Control-Request-Method: GET' \
  -H 'Connection: keep-alive' \
  -H 'Origin: http://localhost:3000' \
  -H 'Referer: http://localhost:3000/' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36' \
  --compressed \
  --insecure
  • CHT(Sec)/CRCC(Sec)
curl 'http://157.245.107.167:3005/admin/searchUser?startRow=0&numberOfResults=10&queryString=(registrations.roles:CHT(Sec)/CRCC(Sec))&applicationId=1ae074db-32f3-4714-a150-cc8a370eafd1' \
-X 'OPTIONS' \
-H 'Accept: */*' \
-H 'Accept-Language: en-GB,en-US;q=0.9,en;q=0.8' \
-H 'Access-Control-Request-Headers: authorization,content-type' \
-H 'Access-Control-Request-Method: GET' \
-H 'Connection: keep-alive' \
-H 'Origin: http://localhost:3000' \
-H 'Referer: http://localhost:3000/' \
-H 'Sec-Fetch-Mode: cors' \
-H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36' \
--compressed \
--insecure
  • DIET OFFICE
curl 'http://157.245.107.167:3005/admin/searchUser?startRow=0&numberOfResults=10&queryString=(registrations.roles:DIET%20Office)&applicationId=1ae074db-32f3-4714-a150-cc8a370eafd1' \
-X 'OPTIONS' \
-H 'Accept: */*' \
-H 'Accept-Language: en-GB,en-US;q=0.9,en;q=0.8' \
-H 'Access-Control-Request-Headers: authorization,content-type' \
-H 'Access-Control-Request-Method: GET' \
-H 'Connection: keep-alive' \
-H 'Origin: http://localhost:3000' \
-H 'Referer: http://localhost:3000/' \
-H 'Sec-Fetch-Mode: cors' \
-H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36' \
--compressed \
--insecure
  • State Project Office
curl 'http://157.245.107.167:3005/admin/searchUser?startRow=0&numberOfResults=10&queryString=(registrations.roles:State%20Project%20Office)&applicationId=1ae074db-32f3-4714-a150-cc8a370eafd1' \
-X 'OPTIONS' \
-H 'Accept: */*' \
-H 'Accept-Language: en-GB,en-US;q=0.9,en;q=0.8' \
-H 'Access-Control-Request-Headers: authorization,content-type' \
-H 'Access-Control-Request-Method: GET' \
-H 'Connection: keep-alive' \
-H 'Origin: http://localhost:3000' \
-H 'Referer: http://localhost:3000/' \
-H 'Sec-Fetch-Mode: cors' \
-H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36' \
--compressed \
--insecure
  • State Project Director
curl 'http://157.245.107.167:3005/admin/searchUser?startRow=0&numberOfResults=10&queryString=(registrations.roles:State%20Project%20Director)&applicationId=1ae074db-32f3-4714-a150-cc8a370eafd1' \
-H 'Accept: */*' \
-H 'Accept-Language: en-GB,en-US;q=0.9,en;q=0.8' \
  -H 'Authorization: Bearer {{token}}' \
-H 'Connection: keep-alive' \
-H 'Content-Type: application/json' \
-H 'If-None-Match: W/"2a98-yj2b2VwW+zHAk5fnfDaUkjGRWpk"' \
-H 'Origin: http://localhost:3000' \
-H 'Referer: http://localhost:3000/' \
-H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36' \
--compressed \
--insecure
  • Joint Director Inspection Cadre
curl 'http://157.245.107.167:3005/admin/searchUser?startRow=0&numberOfResults=10&queryString=(registrations.roles:Joint%20Director%20Inspection%20Cadre)&applicationId=1ae074db-32f3-4714-a150-cc8a370eafd1' \
-H 'Referer: http://localhost:3000/' \
-H 'Authorization: Bearer {{token}}' \
-H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36' \
-H 'Content-Type: application/json' \
--compressed
@choxx (Contributor) commented Nov 2, 2022

@Shruti3004 @Harshil-Jani Referring to the curl request shared over Discord:

curl 'https://user.dst.samagra.io/admin/searchUser?startRow=0&numberOfResults=10&queryString=(username:BRCCUP_dharampur-1%20OR%20username:*BRCCUP_dharampur-1*)&applicationId=1ae074db-32f3-4714-a150-cc8a370eafd1' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en-GB,en-US;q=0.9,en;q=0.8' \
  -H 'Authorization: Bearer {{token}}' \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: application/json' \
  -H 'Origin: http://localhost:3000' \
  -H 'Pragma: no-cache' \
  -H 'Referer: http://localhost:3000/' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Site: cross-site' \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36' \
  -H 'sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "Linux"' \
  --compressed

I found that the queryString param you guys are using is not correct. I'm listing down the different (& correct) ways to apply filters:

  1. Filter against an application ID: queryString=(registrations.applicationId: 1ae074db-32f3-4714-a150-cc8a370eafd1)
  2. Filter against an application ID & Username (single): (registrations.applicationId: 1ae074db-32f3-4714-a150-cc8a370eafd1, username: bila_sadar_admin)
  3. Filter against an application ID & Username (multiple): (registrations.applicationId: 1ae074db-32f3-4714-a150-cc8a370eafd1, username: bila_pri_sayar bila_sec_talai bila_pri_goalthai bila_pri_kothi)
  4. Filter against an application ID & Username (wildcard): (registrations.applicationId: 1ae074db-32f3-4714-a150-cc8a370eafd1, username: bila_pri_b*)
  5. Filter against an application ID & Role: (registrations.applicationId: 1ae074db-32f3-4714-a150-cc8a370eafd1, registrations.roles: BEEO)
  6. Filter against an application ID, Role & Username: (registrations.applicationId: 1ae074db-32f3-4714-a150-cc8a370eafd1, registrations.roles: BEEO, username: shim_nerwa_beeo)

Note: registrations.applicationId must always be passed to list/search results in any tab (under queryString). And the extra query param applicationId is entirely redundant.
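
Worked example, added by the editor; it is not code from the issue, from either commenter, or from the project. It is a small TypeScript builder for the queryString in the format documented in the comment above (comma-separated `field: value` pairs, several values of one field separated by spaces, `registrations.applicationId` always first). It assumes the service performs no escaping of its own and that the endpoint path and parameter names are those used in the issue. The check it adds is the one a practitioner would want here: because the format uses spaces, commas, colons and parentheses for its own syntax, every role named in the original report (`DIET Office`, `CHT(P)/CRCC(P)`, `State Project Office`, ...) contains a character the format cannot carry, so the builder refuses such values instead of emitting a query that silently matches the wrong users (`DIET Office` would be read as the two roles `DIET` and `Office`). Separately, the first four curl commands in the report are OPTIONS preflight requests copied from the browser; they carry no Authorization header and return CORS headers, not user data, whatever the query says.

```typescript
// Added example: builds the searchUser queryString in the format documented in
// the comment above and refuses values that format cannot carry unambiguously.
// Assumptions (not stated on the page): the server performs no escaping, and
// the endpoint path and parameter names are those used in the issue.

interface SearchFilter {
  applicationId: string; // registrations.applicationId, always required
  role?: string;         // a single registrations.roles value, e.g. "BEEO"
  usernames?: string[];  // username values; "bila_pri_b*" style wildcards allowed
}

const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// The format itself uses space (separates multiple values), comma (separates
// field/value pairs), colon (separates field from value) and parentheses
// (grouping), so a value containing any of them would be mis-parsed.
// "DIET Office" would be read as the two roles "DIET" and "Office".
const SAFE_ROLE_RE = /^[A-Za-z0-9_.\-]+$/;
const SAFE_USERNAME_RE = /^[A-Za-z0-9_.\-*]+$/;

function requireSafe(field: string, value: string, re: RegExp): void {
  if (!re.test(value)) {
    throw new Error(
      `${field} value ${JSON.stringify(value)} cannot be expressed in the queryString format`
    );
  }
}

function buildQueryString(f: SearchFilter): string {
  if (!UUID_RE.test(f.applicationId)) {
    throw new Error("applicationId must be a UUID");
  }
  const pairs: string[] = [`registrations.applicationId: ${f.applicationId}`];
  if (f.role !== undefined) {
    requireSafe("registrations.roles", f.role, SAFE_ROLE_RE);
    pairs.push(`registrations.roles: ${f.role}`);
  }
  if (f.usernames !== undefined && f.usernames.length > 0) {
    for (const u of f.usernames) requireSafe("username", u, SAFE_USERNAME_RE);
    pairs.push(`username: ${f.usernames.join(" ")}`);
  }
  return `(${pairs.join(", ")})`;
}

// Full request URL. The top-level applicationId parameter is omitted on purpose:
// registrations.applicationId inside queryString already scopes the search.
function searchUserUrl(baseUrl: string, f: SearchFilter, startRow = 0, numberOfResults = 10): string {
  return (
    `${baseUrl}/admin/searchUser?startRow=${startRow}&numberOfResults=${numberOfResults}` +
    `&queryString=${encodeURIComponent(buildQueryString(f))}`
  );
}

// Which role names cannot be passed through this format at all.
function unencodableRoles(roles: string[]): string[] {
  return roles.filter((r) => !SAFE_ROLE_RE.test(r));
}

// Constructed sample: the application ID and the six roles from the bug report.
const APP_ID = "1ae074db-32f3-4714-a150-cc8a370eafd1";
const REPORTED_ROLES = [
  "CHT(P)/CRCC(P)",
  "CHT(Sec)/CRCC(Sec)",
  "DIET Office",
  "State Project Office",
  "State Project Director",
  "Joint Director Inspection Cadre",
];
```

With `role: "BEEO"` and `usernames: ["shim_nerwa_beeo"]` the builder reproduces item 6 of the list above character for character; `unencodableRoles(REPORTED_ROLES)` returns all six reported roles, which is the quickest way to see that the failures in the report line up with the role names rather than with the tabs.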

@choxx (Contributor) commented Nov 4, 2022

  1. PATCH /admin/updateUser/:userId now accepts a registrations array in the request body:
    ...
    "registrations": [
        {
            "applicationId": "xxxx",
            "roles": [
                "role 1",
                "role 2",
                "role nl"
            ],
            "data": {
                ...
            }
        }
    ],
    ...

Check out the FusionAuth docs for what details can be passed in the array object: https://fusionauth.io/docs/v1/tech/apis/registrations#update-a-user-registration

  2. PATCH /admin/updateUser/:userId now accepts another array named hasuraMutations in the request body:
    ...
    "hasuraMutations": [
        {
            "applicationId": "xxxx",
            "mutation": "pre-defined mutation identifier as configured via generic API approach in `.env` file",
            "payload": {
                // payload needed by mutation
            }
        }
    ],
    ...

Generic config in the .env file can be added like the example below:

APP_application_id_uuid='{
  "host": "${FUSIONAUTH_BASE_URL}",
  "hasura": {
    "graphql_url": "http://example.com/v1/graphql",
    "admin_secret": "my-hasura-admin-secret",
    "mutations": {
      "some-unique-mutation-identifier": "mutation someMutation($id: Int, $someKey: Int) {update_table(where: {id: {_eq: $id}}, _set: {some_key: $someKey}) {returning { id some_key } } }"
    }
  }
}'
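
Worked example, added by the editor and not part of the comment above or of the project's code base. It shows how the hasuraMutations array of a PATCH /admin/updateUser body can be resolved against the per-application .env config just described, so that a caller only ever names a pre-defined mutation identifier and supplies variables; the GraphQL text and the Hasura admin secret stay on the server, and an identifier that is not in the config is rejected before anything is sent. Assumptions not stated on the page: the environment variable for an application is `APP_` followed by the application ID with `-` replaced by `_`, its value is the JSON shown in the comment, and Hasura receives the secret in the `x-hasura-admin-secret` header.

```typescript
// Added example: resolves the hasuraMutations array of a PATCH /admin/updateUser
// body against the per-application .env config described above, so a caller
// can only pick a mutation by its pre-defined identifier and supply variables;
// the GraphQL text and the admin secret stay server-side.
// Assumptions (not stated on the page): the variable name is APP_ followed by
// the application ID with "-" replaced by "_", its value is the JSON shown in
// the comment, and Hasura receives the secret in the x-hasura-admin-secret header.

interface AppConfig {
  host: string;
  hasura?: {
    graphql_url: string;
    admin_secret: string;
    mutations: Record<string, string>;
  };
}

interface HasuraMutationEntry {
  applicationId: string;
  mutation: string;                 // identifier from .env, never GraphQL text
  payload: Record<string, unknown>; // becomes the GraphQL variables
}

interface GraphqlRequest {
  url: string;
  headers: Record<string, string>;
  body: { query: string; variables: Record<string, unknown> };
}

function envKeyFor(applicationId: string): string {
  return "APP_" + applicationId.replace(/-/g, "_");
}

function loadAppConfig(env: Record<string, string | undefined>, applicationId: string): AppConfig | undefined {
  const raw = env[envKeyFor(applicationId)];
  return raw === undefined ? undefined : (JSON.parse(raw) as AppConfig);
}

// Map every entry to a concrete request, or throw before anything is sent.
function resolveHasuraMutations(
  env: Record<string, string | undefined>,
  entries: HasuraMutationEntry[]
): GraphqlRequest[] {
  return entries.map((entry) => {
    const cfg = loadAppConfig(env, entry.applicationId);
    if (cfg === undefined || cfg.hasura === undefined) {
      throw new Error(`no Hasura config for application ${entry.applicationId}`);
    }
    const mutations = cfg.hasura.mutations;
    // hasOwnProperty: an identifier such as "constructor" or "__proto__" must
    // not resolve to something inherited from Object.prototype.
    if (!Object.prototype.hasOwnProperty.call(mutations, entry.mutation)) {
      throw new Error(`unknown mutation identifier ${JSON.stringify(entry.mutation)}`);
    }
    return {
      url: cfg.hasura.graphql_url,
      headers: {
        "content-type": "application/json",
        "x-hasura-admin-secret": cfg.hasura.admin_secret,
      },
      body: { query: mutations[entry.mutation], variables: entry.payload },
    };
  });
}

// Constructed sample environment mirroring the .env example in the comment.
const SAMPLE_APP_ID = "1ae074db-32f3-4714-a150-cc8a370eafd1";
const SAMPLE_ENV: Record<string, string | undefined> = {
  [envKeyFor(SAMPLE_APP_ID)]: JSON.stringify({
    host: "https://fusionauth.example",
    hasura: {
      graphql_url: "http://example.com/v1/graphql",
      admin_secret: "my-hasura-admin-secret",
      mutations: {
        "some-unique-mutation-identifier":
          "mutation someMutation($id: Int, $someKey: Int) {update_table(where: {id: {_eq: $id}}, _set: {some_key: $someKey}) {returning { id some_key } } }",
      },
    },
  }),
};
```

The payload is passed through as GraphQL variables only; the mutation text is whatever the identifier maps to in .env, so the request body cannot widen the allow-list. The `hasOwnProperty` check matters because a plain `mutations[entry.mutation]` lookup on an object literal would return inherited functions for identifiers like `constructor`.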
