Fine tuning non-admin access to api_docs


#1

I followed the instructions on this link (http://blog.dreamfactory.com/share-api-docs-securely) to allow access to non-admin users to the swagger docs, but the user see in the docs the wrong endpoints he have access to.

Example: I allowed the user’s role to access api_docs, gs/_table/redir/ (GET)* and gs/_table/redir (POST), but in the swagger docs the user only see gs/table/redir (GET), which he is not supposed to have access to.

Is this a bug or do I need to do something else?

Some screenshots:

Role config

User’s docs

P.S.: I’m using DreamFactory 2.4.1.


#2

I see the same behavior. Can someone from the DF team weigh in?


#3

@drewpearce @DFCommunityManager Any thoughts on this?


#4

Confirmed this is not behaving as it should. Filing a bug/feature request.
For now, you will need to grant access to the whole service for it to be visible in API Docs. Sorry.


#5

for reference this is DF-1005


#6

Is this error fixed now? If not please let me know which source code files we need to check to fix this error.


#7

This is fixed, as well as some additional features to API Docs that got pushed in version 2.8.1.
Please update and enjoy.