我想通过API、设置Azure DevOps工件提要的ACL
所以我在关注https://learn.microsoft.com/en-us/rest/api/azure/devops/artifacts/feed%20%20management/set%20feed%20permissions?view=azure-devops-rest-5.0
我的请求是:
curl --location --request PATCH 'https://feeds.dev.azure.com/kagarlickij/test/_apis/packaging/Feeds/335ffcb7-d09a-424a-8359-4d912922e422/permissions?api-version=5.0-preview.1'
--header 'Content-Type: application/json'
--header 'Authorization: Basic O***E='
--data-raw '[
{
"role": "administrator",
"identityDescriptor": "Microsoft.IdentityModel.Claims.ClaimsIdentity;00064000B0953ABC@Live.com",
"displayName": null,
"isInheritedRole": false
},
{
"role": "administrator",
"identityDescriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1343567041-101590592-3129239589-3184381367-0-0-0-0-1",
"displayName": null,
"isInheritedRole": true
},
{
"role": "contributor",
"identityDescriptor": "Microsoft.TeamFoundation.ServiceIdentity;7a539633-289b-4efc-ac2e-e475ef28cdc3:Build:c1341550-0e06-4026-ba84-6825bdcdcdb7",
"displayName": null,
"isInheritedRole": false
}
]'
我得到了预期的回应:
{
"count": 3,
"value": [
{
"role": "administrator",
"identityDescriptor": "Microsoft.IdentityModel.Claims.ClaimsIdentity;00064000B0953ABC@Live.com",
"displayName": null,
"isInheritedRole": false
},
{
"role": "administrator",
"identityDescriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1343567041-101590592-3129239589-3184381367-0-0-0-0-1",
"displayName": null,
"isInheritedRole": false
},
{
"role": "contributor",
"identityDescriptor": "Microsoft.TeamFoundation.ServiceIdentity;7a539633-289b-4efc-ac2e-e475ef28cdc3:Build:c1341550-0e06-4026-ba84-6825bdcdcdb7",
"displayName": null,
"isInheritedRole": false
}
]
}
但当我通过Azure DevOps UI或API检查ACL时,没有应用更改(我仍然有4个实体(:
curl --location --request GET 'https://feeds.dev.azure.com/kagarlickij/_apis/packaging/Feeds/675fc46d-d757-42a9-b3f2-a12aca38057c/permissions?api-version=5.0-preview.1'
--header 'Authorization: Basic O***E='
{
"count": 4,
"value": [
{
"role": "administrator",
"identityDescriptor": "Microsoft.IdentityModel.Claims.ClaimsIdentity;00064000B0953ABC@Live.com",
"displayName": null,
"isInheritedRole": false
},
{
"role": "administrator",
"identityDescriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1343567041-101590592-3129239589-3184381367-0-0-0-0-1",
"displayName": null,
"isInheritedRole": true
},
{
"role": "contributor",
"identityDescriptor": "Microsoft.TeamFoundation.ServiceIdentity;7a539633-289b-4efc-ac2e-e475ef28cdc3:Build:c1341550-0e06-4026-ba84-6825bdcdcdb7",
"displayName": null,
"isInheritedRole": false
},
{
"role": "reader",
"identityDescriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1343567041-101590592-3129239589-3184381367-0-0-0-0-3",
"displayName": null,
"isInheritedRole": true
}
]
}
有什么想法吗?为什么它失败了,如何让它发挥作用?
您需要将角色设置为"none"或"1"以删除帐户的权限。简单地不将帐户包括在请求中不会删除权限。
请检查以下示例:将角色设置为"无"以删除其权限。
{
"role": "none",
"identityDescriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1343567041-101590592-3129239589-3184381367-0-0-0-0-3",
"displayName": null,
"isInheritedRole": true
}
或者将角色设置为"1"以删除其权限。
{
"role": "1",
"identityDescriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1343567041-101590592-3129239589-3184381367-0-0-0-0-3",
"displayName": null,
"isInheritedRole": true
}
以下是许可证的号码及其地图:
"1"-->"none" #remove
"2"-->"reader"
"3"-->"contributor"
"4"-->"owner"
"5"-->"collaborator"