Skip to content

debt(dwr): replacing PermissionAjax with rest endpoint#34799

Open
wezell wants to merge 6 commits intomainfrom
issue-34797-dwr-to-rest
Open

debt(dwr): replacing PermissionAjax with rest endpoint#34799
wezell wants to merge 6 commits intomainfrom
issue-34797-dwr-to-rest

Conversation

@wezell
Copy link
Contributor

@wezell wezell commented Feb 27, 2026
edited
Loading

Prompt log: https://gist.github.com/wezell/c4b5f7f20e780e9ebe7f35a68c954ebc

Summary

  • Replaces PermissionAjax DWR calls with a new REST endpoint (/api/v1/permissions)
  • Migrates all JSP frontend callers from DWR proxy to fetch() calls against the new JAX-RS resource
  • Deprecates PermissionAjax and several other unused DWR classes (HostAjax, InodeAjax, CategoryAjax, PermissionableObjectDWR)
  • Removes DWR script includes that are no longer needed

Changes

  • New: PermissionResource.java — REST endpoint for permission operations (get permissionable, get permissions, save permissions, reset permissions)
  • New: PermissionableObjectView.java, AssetPermissionHelper enhancements
  • Updated: 12 JSP files migrated from PermissionAjax DWR to REST fetch calls
  • Updated: dwr.xml — removed unused DWR class mappings
  • Updated: OpenAPI spec with new permission endpoints

Test Plan

  • Verify permission tab loads correctly on content types, containers, templates, folders, hosts
  • Verify saving/resetting permissions works via the new REST endpoints
  • Verify categories permissions dialog works
  • Verify browser view permission checks still function

Ref: #34797

🤖 Generated with Claude Code

@github-actions github-actions bot mentioned this pull request Feb 27, 2026
Open
4 tasks
@github-actions github-actions bot added the Area : Backend PR changes Java/Maven backend code label Feb 27, 2026
@wezell @claude
test(dwr) #34797: add integration tests for PermissionResource REST e…
a82d513 
…ndpoint

Adds 31 new integration tests covering the previously untested endpoints:
GET /{assetId}, PUT /role/{roleId}/asset/{assetId}, PUT /{assetId}/_individualpermission,
GET /{assetId}/_permissionable, GET /_bypermissiontype, and GET /_bycontent.
Includes security boundary, pagination, roundtrip, and error case coverage.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@wezell wezell linked an issue Feb 27, 2026 that may be closed by this pull request
DWR modernization #34797
Open
4 tasks
wezell and others added 4 commits February 27, 2026 11:00
@wezell @claude
fix(dwr) #34797: resolve category permissions and inherited-from display
a782e1d 
- Add Category to AssetPermissionHelper.resolveAsset() chain so category
  inodes are recognized as permissionable assets
- Add inheritedFromType/Path/Id fields to RolePermissionView so the
  "Getting permissions from parent:" label renders correctly
- Guard initPermission() in view_categories.jsp against undefined asset ID

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@wezell
Merge branch 'main' into issue-34797-dwr-to-rest
1487034
@wezell
debt(dwr): replacing PermissionAjax with rest endpoint
297c21a 
ref: #34797
@wezell
Merge branch 'issue-34797-dwr-to-rest' of github.com:dotCMS/core into…
236446b 
… issue-34797-dwr-to-rest
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Area : Backend PR changes Java/Maven backend code

Projects

dotCMS - Product Planning
Status: No status

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

DWR modernization

1 participant

@wezell