我想通过API设置Azure DevOps Artifact feed的ACL,
..我的要求是:
curl --location --request PATCH 'https://feeds.dev.azure.com/kagarlickij/test/_apis/packaging/Feeds/335ffcb7-d09a-424a-8359-4d912922e422/permissions?api-version=5.0-preview.1' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic O***E=' \
--data-raw '[
{
"role": "administrator",
"identityDescriptor": "Microsoft.IdentityModel.Claims.ClaimsIdentity;00064000B0953ABC@Live.com",
"displayName": null,
"isInheritedRole": false
},
{
"role": "administrator",
"identityDescriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1343567041-101590592-3129239589-3184381367-0-0-0-0-1",
"displayName": null,
"isInheritedRole": true
},
{
"role": "contributor",
"identityDescriptor": "Microsoft.TeamFoundation.ServiceIdentity;7a539633-289b-4efc-ac2e-e475ef28cdc3:Build:c1341550-0e06-4026-ba84-6825bdcdcdb7",
"displayName": null,
"isInheritedRole": false
}
]'
我正在得到预期的答复:
{
"count": 3,
"value": [
{
"role": "administrator",
"identityDescriptor": "Microsoft.IdentityModel.Claims.ClaimsIdentity;00064000B0953ABC@Live.com",
"displayName": null,
"isInheritedRole": false
},
{
"role": "administrator",
"identityDescriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1343567041-101590592-3129239589-3184381367-0-0-0-0-1",
"displayName": null,
"isInheritedRole": false
},
{
"role": "contributor",
"identityDescriptor": "Microsoft.TeamFoundation.ServiceIdentity;7a539633-289b-4efc-ac2e-e475ef28cdc3:Build:c1341550-0e06-4026-ba84-6825bdcdcdb7",
"displayName": null,
"isInheritedRole": false
}
]
}
但是当我通过Azure DevOps UI检查ACL或未应用API更改时(我仍然有4个实体):
curl --location --request GET 'https://feeds.dev.azure.com/kagarlickij/_apis/packaging/Feeds/675fc46d-d757-42a9-b3f2-a12aca38057c/permissions?api-version=5.0-preview.1' \
--header 'Authorization: Basic O***E='
{
"count": 4,
"value": [
{
"role": "administrator",
"identityDescriptor": "Microsoft.IdentityModel.Claims.ClaimsIdentity;00064000B0953ABC@Live.com",
"displayName": null,
"isInheritedRole": false
},
{
"role": "administrator",
"identityDescriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1343567041-101590592-3129239589-3184381367-0-0-0-0-1",
"displayName": null,
"isInheritedRole": true
},
{
"role": "contributor",
"identityDescriptor": "Microsoft.TeamFoundation.ServiceIdentity;7a539633-289b-4efc-ac2e-e475ef28cdc3:Build:c1341550-0e06-4026-ba84-6825bdcdcdb7",
"displayName": null,
"isInheritedRole": false
},
{
"role": "reader",
"identityDescriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1343567041-101590592-3129239589-3184381367-0-0-0-0-3",
"displayName": null,
"isInheritedRole": true
}
]
}
任何想法为何会失败以及如何使其起作用?
答案 0 :(得分:1)
您需要将角色设置为“无”或“ 1”以删除帐户的权限。只是不将帐户包括在请求中将不会删除权限。
请检查以下示例:将角色设置为“无”以删除其权限。
{
"role": "none",
"identityDescriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1343567041-101590592-3129239589-3184381367-0-0-0-0-3",
"displayName": null,
"isInheritedRole": true
}
或将角色设置为“ 1”以删除其权限。
{
"role": "1",
"identityDescriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1343567041-101590592-3129239589-3184381367-0-0-0-0-3",
"displayName": null,
"isInheritedRole": true
}
下面是数字及其与权限的对应关系:
"1"-->"none" #remove
"2"-->"reader"
"3"-->"contributor"
"4"-->"owner"
"5"-->"collaborator"