Release notes

2025r1

Permissions only for active modules in publication API and BAPI 2.0

The publication API uses the BAPI 2.0 framework, which means some calls might behave or look differently. For now, it is the only API using this framework.

In the BAPI 2.0 framework, the permissions required for the API user are calculated based on the data model, meaning the permissions defined in the Mediagenix Base platform for certain modules and concepts.

Previously, this framework did not filter the permissions based on the active or inactive modules.

Specifically in the publication API, when sending a GET /publication-snapshots/{publicationSnapshotId} call, the response body contains, among others, the contentId attribute (see the Explorer). This contains the external reference of the content corresponding to the publication record, which can be a product or episode but also a trailer, commercial or music clip.

However, previously, when the API user did not have permission for all these content types because not all modules were active, the user would get the following error when sending the call:

{
  "statusCode": "403",
  "message": "The account being accessed does not have sufficient permissions to execute this operation.",
  "timestamp": "2021-07-06T09:23:56Z"
}

This was not correct because if a certain module is not active, it will not be used in other concepts either, and this permission should not be checked.

For example, if the Music Clip Management module is not active, music clips will not be linked to publication records so the Music Clip Management permission should not be required for the call.

From this version, the permission checking in the BAPI 2.0 framework, meaning the publication API and any future APIs, will only happen based on the active modules.

In the example, the Music Clip Management will no longer be required for these calls and the error message no longer appears.

The YAML was not changed for this update.