#33912 rest api to update asset permissions #33913
Open
+1,701
−101
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1. New GET /permissions/{assetId} endpoint - View asset permissions with pagination, supporting all permissionable types (folders, hosts, contentlets, etc.)
2. Permission helper infrastructure - Added AssetPermissionHelper for building responses and ResponseEntityAssetPermissionsView for typed API responses, integrated via CDI
3. Documentation and tests - OpenAPI spec updates and comprehensive Postman test suite covering happy paths, pagination, validation, and error cases
…-api-to-update-asset-permissions
- PUT /api/v1/permissions/{assetId} - REST endpoint to save/update asset permissions (admin-only)
- Auto-breaks inheritance when saving on inheriting asset, supports ?cascade=true for async propagation
- Returns message, permissionCount, inheritanceBroken, and updated asset object
…-get-asset-permissions
- fix constructor calls
…-get-asset-permissions
- use immutables for views - use established paginator pattern to return paginated results - refactor assetPermissionHelper and return typed views.
…o-update-asset-permissions
- integration tests added for PUT /permissions/{assetId} - basic update, validation errors, inheritance breaking, security checks
- Pattern alignment - forms extend Validated with checkValid(), typed immutable response views, OpenAPI spec updates
- refactor and use permissionUtils and enums where applicable. - fix integration tests.
…-get-asset-permissions
hassandotcms
requested review from
fabrizzio-dotCMS,
freddyDOTCMS,
jcastro-dotcms and
nollymar
…o-update-asset-permissions
…-api-to-update-asset-permissions
...c/main/java/com/dotcms/rest/api/v1/system/permission/AbstractUpdateAssetPermissionsView.java
Show resolved
Hide resolved
dotCMS/src/main/java/com/dotcms/rest/api/v1/system/permission/RolePermissionForm.java
Outdated
Show resolved
Hide resolved
dotCMS/src/main/java/com/dotcms/rest/api/v1/system/permission/PermissionConversionUtils.java
Outdated
Show resolved
Hide resolved
| * @author dotCMS | ||
| * @since 24.01 | ||
| */ | ||
| public final class PermissionConversionUtils { |
Contributor
There was a problem hiding this comment.
I feel like this class needs a test
Contributor
There was a problem hiding this comment.
Which one is the test?
…s for type-safe permission handling
fabrizzio-dotCMS
approved these changes
Jan 8, 2026
hassandotcms
commented
Jan 8, 2026
| * names, and scope mappings used by the REST API. | ||
| */ | ||
| @Test | ||
| public void test_PermissionConversionUtils_conversions() { |
freddyDOTCMS
approved these changes
Jan 8, 2026
dario-daza
approved these changes
Jan 8, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposed Changes
Checklist
Additional Info
** any additional useful context or info **
Screenshots
This PR fixes: #33912