Everything in the following blog post pertains to API Connect version 10.0.5.6+. Some introductory information on using the Portal Admin CLI can be found at https://www.ibm.com/docs/en/api-connect/10.0.5.x_lts?topic=cli-getting-started-portal-commands if you aren’t familiar with the process.
Introduction
Drupal User Role management was previously a task confined to the Drupal Admin UI. Starting from API Connect 10.0.7.0, you can complete the full lifecycle of Drupal User Roles using the Portal Admin CLI or via HTTP requests on these routes. The lifecycle includes creation and deletion of new roles as well as adding and removing permissions to roles.
List roles and Get a specific one
-
Login to the Portal Admin CLI
apic login --realm provider/default-idp-2 --username <username> --password <password> --server <management-platform-api>
-
Get a specific Role
apic --mode portaladmin -s <management-platform-api> -o <org> -c <catalog> role:get portal_cli_blog
-
List All Roles
apic --mode portaladmin -s <management-platform-api> -o <org> -c <catalog> role:list
When using the list command you can also use the flag --fliter_by_permission which will return all the roles that currently have that permission. In addition, you can also filter by a specific role with the list command as well by providing the --role flag.
Create a Role
-
Login to the Portal Admin CLI
apic login --realm provider/default-idp-2 --username <username> --password <password> --server <management-platform-api>
-
Create role
apic --mode portaladmin -s <management-platform-api> -o <org> -c <catalog> role:create --machine_name "portal_cli_blog" --human_readable_name "Portal CLI Blog"
It is easy and simple to create a role. You must provide a `machine_name` and a human_readable_name. The machine_name is what is used by Drupal to refer to the role
and must only contain lowercase letters, numbers, and underscores. The human_readable_name is what is displayed to the end user on the UI and can contain other characters such as spaces.
Adding Permissions to a Role
-
Login to the Portal Admin CLI
apic login --realm provider/default-idp-2 --username <username> --password <password> --server <management-platform-api>
-
Add permissions to desired role
apic --mode portaladmin -s <management-platform-api> -o <org> -c <catalog> role:add-permission portal_cli_blog --permissions="access comments,access content,access shortcuts"
The permissions flag is a list of the permissions you would like to add to your desired role. Multiple permissions can be added in one command call and they must be provided as a comma separated list. When adding permissions to roles they must exist otherwise the command will return the error of
- [error] Permission(s) not found: fake permission
Remove Permissions from a Role
-
Login to the Portal Admin CLI
apic login --realm provider/default-idp-2 --username <username> --password <password> --server <management-platform-api>
-
Remove unwanted permission(s) from a role
apic --mode portaladmin -s <management-platform-api> -o <org> -c <catalog> role:remove-permission portal_cli_blog --permissions="access comments"
Just like adding permissions you can remove multiple permissions in one command run by providing a comma separated list of permissions. If you try and remove a permission that doesn’t exist on the role will return the error of
- [error] Permission(s) not found: perm not on role
Delete a Role
-
Login to the Portal Admin CLI
apic login --realm provider/default-idp-2 --username <username> --password <password> --server <management-platform-api>
-
Delete a specific role
apic --mode portaladmin -s <management-platform-api> -o <org> -c <catalog> role:delete portal_cli_blog
If you try and delete a role that doesn’t exist you will receive the error of
- [error] Unable to load the user_role: no_role
Conclusion
All these commands help facilitate the process adding creating new roles and adding permissions and to said new new or existing roles. These can be integrated into a CI/CD process if needed where roles of your custom modules can be read and added to the roles you desire without having to think about it too much.
#APIConnect #developerportal #portal #drupal #portalcli