Azure DevOps API Feed管理-设置Feed权限不起作用

问题描述 投票:0回答:1

我想通过API设置Azure DevOps Artifact feed的ACL,

所以我关注https://docs.microsoft.com/en-us/rest/api/azure/devops/artifacts/feed%20%20management/set%20feed%20permissions?view=azure-devops-rest-5.0

..我的要求是:

curl --location --request PATCH 'https://feeds.dev.azure.com/kagarlickij/test/_apis/packaging/Feeds/335ffcb7-d09a-424a-8359-4d912922e422/permissions?api-version=5.0-preview.1' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic O***E=' \
--data-raw '[
    {
        "role": "administrator",
        "identityDescriptor": "Microsoft.IdentityModel.Claims.ClaimsIdentity;[email protected]",
        "displayName": null,
        "isInheritedRole": false
    },
    {
        "role": "administrator",
        "identityDescriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1343567041-101590592-3129239589-3184381367-0-0-0-0-1",
        "displayName": null,
        "isInheritedRole": true
    },
    {
        "role": "contributor",
        "identityDescriptor": "Microsoft.TeamFoundation.ServiceIdentity;7a539633-289b-4efc-ac2e-e475ef28cdc3:Build:c1341550-0e06-4026-ba84-6825bdcdcdb7",
        "displayName": null,
        "isInheritedRole": false
    }
]'

我正在得到预期的答复:

{
    "count": 3,
    "value": [
        {
            "role": "administrator",
            "identityDescriptor": "Microsoft.IdentityModel.Claims.ClaimsIdentity;[email protected]",
            "displayName": null,
            "isInheritedRole": false
        },
        {
            "role": "administrator",
            "identityDescriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1343567041-101590592-3129239589-3184381367-0-0-0-0-1",
            "displayName": null,
            "isInheritedRole": false
        },
        {
            "role": "contributor",
            "identityDescriptor": "Microsoft.TeamFoundation.ServiceIdentity;7a539633-289b-4efc-ac2e-e475ef28cdc3:Build:c1341550-0e06-4026-ba84-6825bdcdcdb7",
            "displayName": null,
            "isInheritedRole": false
        }
    ]
}

但是当我通过Azure DevOps UI检查ACL或未应用API更改时(我仍然有4个实体):

curl --location --request GET 'https://feeds.dev.azure.com/kagarlickij/_apis/packaging/Feeds/675fc46d-d757-42a9-b3f2-a12aca38057c/permissions?api-version=5.0-preview.1' \
--header 'Authorization: Basic O***E='
{
    "count": 4,
    "value": [
        {
            "role": "administrator",
            "identityDescriptor": "Microsoft.IdentityModel.Claims.ClaimsIdentity;[email protected]",
            "displayName": null,
            "isInheritedRole": false
        },
        {
            "role": "administrator",
            "identityDescriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1343567041-101590592-3129239589-3184381367-0-0-0-0-1",
            "displayName": null,
            "isInheritedRole": true
        },
        {
            "role": "contributor",
            "identityDescriptor": "Microsoft.TeamFoundation.ServiceIdentity;7a539633-289b-4efc-ac2e-e475ef28cdc3:Build:c1341550-0e06-4026-ba84-6825bdcdcdb7",
            "displayName": null,
            "isInheritedRole": false
        },
        {
            "role": "reader",
            "identityDescriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1343567041-101590592-3129239589-3184381367-0-0-0-0-3",
            "displayName": null,
            "isInheritedRole": true
        }
    ]
}

任何想法为什么会失败以及如何使其起作用?

azure-devops
1个回答
1
投票

您需要将角色设置为“无”或“ 1”以删除帐户的权限。只是不将帐户包括在请求中将不会删除权限。

请检查以下示例:将角色设置为“无”以删除其权限。

        {
            "role": "none",
            "identityDescriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1343567041-101590592-3129239589-3184381367-0-0-0-0-3",
            "displayName": null,
            "isInheritedRole": true
        }

或将角色设置为“ 1”以删除其权限。

            {
                "role": "1",
                "identityDescriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1343567041-101590592-3129239589-3184381367-0-0-0-0-3",
                "displayName": null,
                "isInheritedRole": true
            }

下面是数字及其与许可的映射:

"1"-->"none"  #remove 
"2"-->"reader"
"3"-->"contributor"
"4"-->"owner"
"5"-->"collaborator"
© www.soinside.com 2019 - 2024. All rights reserved.