[MGNLGQL-164] GraphQL in 6.3: Cannot access GraphQL app and GraphQL API Created: 08/Sep/23  Updated: 17/Jan/24  Resolved: 19/Dec/23

Status: Closed
Project: Magnolia GraphQL
Component/s: None
Affects Version/s: None
Fix Version/s: 2.0.0

Type: Bug Priority: Neutral
Reporter: Anh Vu Assignee: Quach Hao Thien
Resolution: Fixed Votes: 0
Labels: VN-Maintenance, dx-core-6.3
Remaining Estimate: Not Specified
Time Spent: 1.75d
Original Estimate: Not Specified

Attachments: PNG File image-2023-09-08-10-40-05-775.png     PNG File image-2023-09-08-10-42-12-464.png     PNG File image-2023-09-08-10-43-09-872.png     PNG File image-2023-09-08-10-44-29-502.png     PNG File image-2023-09-08-10-56-38-837.png     PNG File image-2023-09-08-10-56-50-419.png    
Issue Links:
relation
is related to MGNLRES-404 Create resources-editor role that all... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Release notes required:
Yes
Date of First Response:
Epic Link: Sane Default Roles & Groups
Team: DeveloperX
Work Started:
Approved:
Yes

 Description   

With "superuser" account users cannot access GraphQL app or GraphQL API.

Steps to reproduce:
1. Run dx-core webapp and login with "superuser" account
2. Access GraphQL app or call GraphQL API

 

Actual result:
GraphQL app: The user is redirected to the login page

GraphQL API: The user gets 403 response status code

 

Expected result: 
The user should be able to access both GraphQL app and GraphQL API

Workaround:
1. Grant web access permission "/.*" in Security app to superuser

2. Another way is that we can create a new user account with superuser role and then use the user to access GraphQL

Note:

The issue is that "superuser" account does not have permission to access "./*" url pattern.

See logs below:

 



 Comments   
Comment by Quach Hao Thien [ 19/Dec/23 ]

RN: Since 2.0, the graphql-developer user role, which is assigned to the developers user group, is required to access GraphQL App and API

Generated at Mon Feb 12 05:53:12 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.