If an organization has the ADP role and then PUT /org/:shortname?active_roles.add=CNA is used, the outcome of that PUT API call includes:
"authority": {"active_roles": ["ADP", "CNA"]}
and then calling GET /registry/org/:shortname produces output that includes:
"authority":["ADP","CNA"]
However, src/middleware/schemas/ADPOrg.json says authority is "const": ["ADP"] and src/middleware/schemas/CNAOrg.json says authority is "const": ["CNA"].
In other words, a PUT /org/:shortname?active_roles.add= call apparently allows the caller to assign roles with no assurance that the schema-based data requirements and constraints for that role have been satisfied (i.e., validateOrg is never called).
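The check the report says is missing, as an added sketch that is not the project's code: the post-update record is validated against the schema of every role it would hold before the change is accepted. The schema fragments reproduce only the `authority` constraint quoted above; `addRole`, `violations`, `jsonEqual` and the sample record are hypothetical.

```javascript
// Constructed schema fragments: only the `authority` constraint quoted in the
// report is reproduced; the real ADPOrg.json / CNAOrg.json contain more.
const ROLE_SCHEMAS = {
  ADP: { properties: { authority: { const: ['ADP'] } } },
  CNA: { properties: { authority: { const: ['CNA'] } } }
}

// JSON-value equality, as needed for the JSON Schema `const` keyword.
function jsonEqual (a, b) {
  if (a === b) return true
  if (typeof a !== 'object' || typeof b !== 'object' || a === null || b === null) return false
  if (Array.isArray(a) !== Array.isArray(b)) return false
  const ka = Object.keys(a)
  const kb = Object.keys(b)
  return ka.length === kb.length &&
    ka.every(k => Object.prototype.hasOwnProperty.call(b, k) && jsonEqual(a[k], b[k]))
}

// Hypothetical validator covering only `const` under `properties`.
function violations (schema, doc) {
  const out = []
  for (const [key, rule] of Object.entries(schema.properties || {})) {
    if ('const' in rule && !jsonEqual(doc[key], rule.const)) {
      out.push(`${key} must equal ${JSON.stringify(rule.const)}`)
    }
  }
  return out
}

// Hypothetical guard: build the post-update record, validate it against the
// schema of every role it would hold, and only then accept the change.
function addRole (org, role) {
  const candidate = { ...org, authority: [...new Set([...org.authority, role])] }
  const errors = {}
  for (const r of candidate.authority) {
    const known = Object.prototype.hasOwnProperty.call(ROLE_SCHEMAS, r)
    const v = known ? violations(ROLE_SCHEMAS[r], candidate) : ['no schema for role']
    if (v.length) errors[r] = v
  }
  return Object.keys(errors).length ? { ok: false, errors } : { ok: true, org: candidate }
}

// Constructed record for an organization that already holds ADP.
const adpOrg = { short_name: 'example_org', authority: ['ADP'] }
console.log(JSON.stringify(addRole(adpOrg, 'CNA'), null, 2))
```

With the two `const` constraints as quoted, a record whose authority is ["ADP","CNA"] fails both role schemas, so the guard rejects the update instead of storing it.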