Description
Describe the bug
Even after patching the known bugs in the APIKey.update() method (the "priveleges" typo and URL formatting issues noted in Issue #2232), item access privileges (portal:app:access:item:*) still cannot be added to existing API keys. The update appears to succeed based on the API response, but verification shows that the API Key Item on ArcGIS Online is not updated, and item access privileges are not actually being applied.
To Reproduce
Steps to reproduce the behavior:
import arcgis
from arcgis.gis import GIS
from arcgis.gis._impl import APIKey
from typing import List
# Connect to ArcGIS Online
gis = GIS("https://www.arcgis.com", "username", "password")
# Get an existing API key
api_key = gis.content.get("your_api_key_id") # Replace with actual ID
# Get some content items to add privileges for
items_to_add = gis.content.search(query="", max_items=5)
# Patch the APIKey.update method to fix known bugs
original_update = APIKey.update
def patched_update(self, http_referers=None, privileges=None):
"""Patched version that fixes both the typo in 'privileges' and the URL format"""
# Fix the URL format - ensure proper slash between domain and path
base_url = self._gis._url
if base_url.endswith('/'):
base_url = base_url
else:
base_url = base_url + '/'
url = f"{base_url}sharing/rest/content/users/{self._gis.users.me.username}/items/{self._item.id}/updateApiKey"
params = {"f": "json"}
if http_referers is not None:
params["httpReferrers"] = http_referers
if privileges is not None:
params["privileges"] = privileges # Fixed spelling here
self._properties = None
return self._gis._con.post(url, params)
# Apply the code patch
APIKey.update = patched_update
# Create an APIKey Class instance
api_key_class = APIKey(api_key, gis)
# Get current privileges
api_key_privileges = api_key_class.properties["privileges"]
print("Current privileges:", api_key_privileges)
# Add new item access privileges
for item in items_to_add:
privilege_to_add = f'portal:app:access:item:{item.id}'
if privilege_to_add not in api_key_privileges:
api_key_privileges.append(privilege_to_add)
print(f"Adding privilege: {privilege_to_add}")
# Update the API key with new privileges
update_result = api_key_class.update(privileges=api_key_privileges)
print("Update result:", update_result)
# Verify update by refreshing properties
api_key_class._properties = None # Force refresh
updated_privileges = api_key_class.properties["privileges"]
# Check for the added privileges
item_ids = [item.id for item in items_to_add]
missing_items = []
for item_id in item_ids:
privilege = f'portal:app:access:item:{item_id}'
if privilege not in updated_privileges:
missing_items.append(item_id)
if missing_items:
print("Verification failed - items not added:", missing_items)
else:
print("Verification successful - all items were added")The update call appears to succeed and returns a valid response, but when verifying the updated privileges, all the item access privileges are missing.
Expected behavior
After patching the known issues and updating the API key, the new item access privileges should be successfully added and visible in the API key's properties.
Platform
- OS: Databricks
- Python API Version: 2.4.0
Additional context
This issue seems to be separate from the previously identified typo and URL formatting issues in the update() method (Issue #2232). Even with those issues patched, there appears to be a deeper problem with how item access privileges are applied to API keys.
The update operation returns a response that appears successful, but doesn't actually apply the requested item access privileges (including not updating the "item updated" timestamp). This suggests there may be an issue with how the API is processing the privilege updates on the server side, or there could be additional validation or formatting requirements not documented in the API.
I've verified that I have permission to update API keys through the ArcGIS Online UI, indicating this is specifically an issue with the Python API implementation rather than a permissions problem.