StrafesNET/maps-service
5
Fork 4
Code Issues 17 Pull Requests 1 Packages Projects Releases Wiki Activity

Add Model To Group Inventory On Create #43

New Issue
Closed
opened 2025-03-29 01:13:04 +00:00 by Quaternions · 7 comments
Quaternions commented 2025-03-29 01:13:04 +00:00
Owner
Copy Link

Roblox has a new capability to add assets to a group inventory to make them loadable on a group game. Take advantage of this to finally move maptest places into the staging group.

Roblox has a new capability to add assets to a group inventory to make them loadable on a group game. Take advantage of this to finally move maptest places into the staging group.
Quaternions added the backend label 2025-03-29 01:48:22 +00:00
Quaternions added the validator label 2025-03-29 05:20:26 +00:00
Quaternions added this to the (deleted) milestone 2025-03-29 05:31:04 +00:00
dowoge commented 2025-03-29 05:32:09 +00:00
Member
Copy Link

You can do this using the https://apis.roblox.com/asset-permissions-api/v1/assets/permissions endpoint.
You'll need an account cookie and the usual x-csrf-token stuff to use it.
Using the web interface roblox provides, the request needs to be a PATCH with the following data:

{
    "subjectType": "Universe",
    "subjectId": "4422715291",
    "action": "Use",
    "enableDeepAccessCheck": true,
    "requests": [
        {
            "assetId": 104634944063581,
            "grantToDependencies": true
        },
        ...
    ]
}

subjectType: Should never change (we are always giving a game place aka an experience aka a universe permission to use an asset)
subjectId: This the id of the place we are giving the asset permission to (in this case, 4422715291 is the bhop maptest place from the staging group)
action & enableDeepAccessCheck: I've got no clue what these do, however they are always the same ("Use" and true respectively)
requests: This will contain a list of asset ids being granted access, every entry in the requests list contains the assetId and grantToDependencies keys. My assumption is that the second key is to determine wether we are giving or removing access to the asset. You can also set more than 1 asset's permissions at once by simply adding more entries under requests

Important note: Once this call is made, there appears to be no way to undo the operation. I am unable to remove an asset's access...

You can do this using the `https://apis.roblox.com/asset-permissions-api/v1/assets/permissions` endpoint. You'll need an account cookie and the usual x-csrf-token stuff to use it. Using the web interface roblox provides, the request needs to be a `PATCH` with the following data: ```json { "subjectType": "Universe", "subjectId": "4422715291", "action": "Use", "enableDeepAccessCheck": true, "requests": [ { "assetId": 104634944063581, "grantToDependencies": true }, ... ] } ``` `subjectType`: Should never change (we are always giving a game place aka an experience aka a universe permission to use an asset) `subjectId`: This the id of the place we are giving the asset permission to (in this case, `4422715291` is the bhop maptest place from the staging group) `action` & `enableDeepAccessCheck`: I've got no clue what these do, however they are always the same ("Use" and true respectively) `requests`: This will contain a list of asset ids being granted access, every entry in the requests list contains the `assetId` and `grantToDependencies` keys. My assumption is that the second key is to determine wether we are giving or removing access to the asset. You can also set more than 1 asset's permissions at once by simply adding more entries under `requests` Important note: Once this call is made, there appears to be no way to undo the operation. I am unable to remove an asset's access...
Quaternions added this to the 1.1 Centralize Maptest milestone 2025-04-03 22:08:50 +00:00
Quaternions changed title from Add Model To Group Inventory On Submit to Add Model To Group Inventory On Create 2025-04-10 02:59:34 +00:00
Quaternions commented 2025-06-10 02:49:55 +00:00
Author
Owner
Copy Link

I'm getting 404 from my initial implementation:

asset-tool/rbx_asset/src/cookie.rs Line 620 in 20dd35ac97
let url=reqwest::Url::parse("https://apis.roblox.com/asset-permissions-api/v1/assets/permissions").map_err(SetAssetsPermissionsError::Parse)?;

Getting this error when creating a new submission and attempting to add it to the universe loadable models:

Create(LoadableOnMaptest(Response(Details { status_code: 404, url_and_body: UrlAndBody { url: Url { scheme: "https", cannot_be_a_base: false, username: "", password: None, host: Some(Domain("apis.roblox.com")), port: None, path: "/asset-permissions-api/v1/assets/permissions", query: None, fragment: None }, body: "{\"errors\":[{\"message\":\"\",\"code\":0}]}\n" } })))

Here's the code calling into the rbx_asset crate:

maps-service/validation/src/create.rs Line 78 in 281ea579fa
self.cookie_context.set_assets_permissions(config).await.map_err(Error::LoadableOnMaptest)?;

I'm getting 404 from my initial implementation: https://git.itzana.me/StrafesNET/asset-tool/src/commit/20dd35ac97f16765f65d2c915656f85578c496db/rbx_asset/src/cookie.rs#L620 Getting this error when creating a new submission and attempting to add it to the universe loadable models: ``` Create(LoadableOnMaptest(Response(Details { status_code: 404, url_and_body: UrlAndBody { url: Url { scheme: "https", cannot_be_a_base: false, username: "", password: None, host: Some(Domain("apis.roblox.com")), port: None, path: "/asset-permissions-api/v1/assets/permissions", query: None, fragment: None }, body: "{\"errors\":[{\"message\":\"\",\"code\":0}]}\n" } }))) ``` Here's the code calling into the rbx_asset crate: https://git.itzana.me/StrafesNET/maps-service/src/commit/281ea579fa5f4efc9e698001ab8df9c21ad7b03a/validation/src/create.rs#L78
dowoge commented 2025-06-11 01:15:40 +00:00
Member
Copy Link

Resolved on stream, commit 01985f1523 should fix the problem

Resolved on stream, commit https://git.itzana.me/StrafesNET/asset-tool/commit/01985f15236eb57c3bbe6e249df804bdc2486cd8 should fix the problem
Quaternions commented 2025-06-11 04:12:48 +00:00
Author
Owner
Copy Link

It does not sadly, now I'm getting http 415 response.

Create(LoadableOnMaptest(Response(Details { status_code: 415, url_and_body: UrlAndBody { url: Url { scheme: "https", cannot_be_a_base: false, username: "", password: None, host: Some(Domain("apis.roblox.com")), port: None, path: "/asset-permissions-api/v1/assets/permissions", query: None, fragment: None }, body: "" } })))
It does not sadly, now I'm getting http 415 response. ``` Create(LoadableOnMaptest(Response(Details { status_code: 415, url_and_body: UrlAndBody { url: Url { scheme: "https", cannot_be_a_base: false, username: "", password: None, host: Some(Domain("apis.roblox.com")), port: None, path: "/asset-permissions-api/v1/assets/permissions", query: None, fragment: None }, body: "" } }))) ```
dowoge commented 2025-06-11 04:35:02 +00:00
Member
Copy Link

Genuinely no idea how that’s even possible

Genuinely no idea how that’s even possible
Quaternions commented 2025-06-24 06:46:34 +00:00
Author
Owner
Copy Link

It does not sadly, now I'm getting http 415 response.

For posterity, this was fixed by setting the Content-Type header (to json) 384640a407

I reverted #198 in 40b0af0063 since Roblox requirements make it ineffective, so all it does is add new ways for submissions to fail. My plan is to implement it using the non-centralized maptest places instead until Roblox fixes the unusable feature.

> It does not sadly, now I'm getting http 415 response. For posterity, this was fixed by setting the Content-Type header (to json) https://git.itzana.me/StrafesNET/asset-tool/commit/384640a407f1cac9bb9289e93c051a4d836bd156 I reverted #198 in 40b0af00633c5d759c6038b4d8242bb503985352 since Roblox requirements make it ineffective, so all it does is add new ways for submissions to fail. My plan is to implement it using the non-centralized maptest places instead until Roblox fixes the unusable feature.
Quaternions commented 2025-12-28 08:02:50 +00:00
Author
Owner
Copy Link

Closing in favour of #316.

Closing in favour of #316.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
backend
Submissions api related
 bug
Something is not working
 duplicate
This issue or pull request already exists
 enhancement
New feature
 frontend
Website related
 help wanted
Need some help
 invalid
Something is wrong
 question
More information is needed
 validator
Map validation related
 wontfix
This won't be fixed
No Label backend validator
Milestone
No items
No Milestone 1.1 Centralize Maptest
Projects
Clear projects
No project
Assignees
Clear assignees
aidan9382 CI dowoge fiveman1 ic3w0lf22 interpreterK itzaname Quaternions
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: StrafesNET/maps-service#43
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?