Non-staff users are receiving a 403 Forbidden error when attempting to access their own releases via the API.
To Reproduce
Steps to reproduce the behavior:
Log in as a non-staff user who owns at least one release.
Send a GET request to the API endpoint for accessing user-owned releases.
Observe that a 403 Forbidden error is returned, despite being the owner of the release.
Expected behavior
Non-staff users should have access to their own releases without receiving a 403 error. The expected behavior is that the API validates the ownership and grants access to the resource.
Actual behavior
The API is erroneously returning a 403 Forbidden response to non-staff users for their own releases, indicating a permissions or role-checking issue within the API's access control logic.
Screenshots
N/A
Environment:
OS: All
Browser: All
API version: v0.3.0
Additional context
This issue impedes the users' ability to manage their releases and interferes with the user experience, particularly for users who are actively engaged in managing their music through the platform.
Klastic
commented
4 months ago
Describe the bug
Non-staff users are receiving a 403 Forbidden error when attempting to access their own releases via the API.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Non-staff users should have access to their own releases without receiving a 403 error. The expected behavior is that the API validates the ownership and grants access to the resource.
Actual behavior
The API is erroneously returning a 403 Forbidden response to non-staff users for their own releases, indicating a permissions or role-checking issue within the API's access control logic.
Screenshots
N/A
Environment:
Additional context
This issue impedes the users' ability to manage their releases and interferes with the user experience, particularly for users who are actively engaged in managing their music through the platform.