Closed GabrielInTheWorld closed 3 years ago
I found the bug, but I don't know how to solve this. @tsiegleauq I think I need your help.
Here is a simpler request that produces the same error:
```
curl -N localhost:9012/system/autoupdate -d '[
  {
    "collection": "projection",
    "ids": [
      3
    ],
    "fields": {
      "content_object_id": {
        "type": "generic-relation",
        "fields": {
          "option_ids": null
        }
      }
    }
  }
]'
```
It requests `projection/3/content_object_id`. The value is `meeting/1`.
Then, it requests the field `option_ids`. So it requests `meeting/1/option_ids`. The value is a list of all known options.
Then, this list is given to the restricter, which removes all ids of options that the user is not allowed to see. Therefore it goes through the rules of option-see-property.
The rule is that someone can see the option if the user can see the linked poll.
But the linked poll for `option/2` is `null`.
The restricter translates the value `null` to `0` and therefore checks if the user can see `poll/0/id`. This results in the given error.
So the question is: Do all options have a linked poll? If yes, then the example data are invalid. If not, the see-property of option has to be changed to handle options without a poll.
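The failure described in the comment above, as an added sketch that is not the autoupdate service's own code: a see-rule that turns a `null` poll reference into id 0 makes the whole request fail, while one that treats a missing poll as "not visible" fails closed. All names and the sample data are hypothetical and constructed for illustration, and hiding such options is only one possible way to handle them.

```go
package main

import "fmt"

func ptr(i int) *int { return &i }

// Constructed sample data: option id -> linked poll id, nil models JSON null.
var optionPoll = map[int]*int{1: ptr(5), 2: nil, 3: ptr(6)}

// Constructed sample data: poll id -> whether the requesting user may see it.
var polls = map[int]bool{5: true, 6: false}

// canSeePoll errors for unknown polls, like the lookup of poll/0/id above.
func canSeePoll(id int) (bool, error) {
	visible, ok := polls[id]
	if !ok {
		return false, fmt.Errorf("poll/%d does not exist", id)
	}
	return visible, nil
}

// seeOptionNaive reproduces the bug: a null reference silently becomes 0.
func seeOptionNaive(optionID int) (bool, error) {
	pollID := 0
	if p := optionPoll[optionID]; p != nil {
		pollID = *p
	}
	return canSeePoll(pollID)
}

// seeOption fails closed: an option without a poll is never visible.
func seeOption(optionID int) (bool, error) {
	p := optionPoll[optionID]
	if p == nil {
		return false, nil
	}
	return canSeePoll(*p)
}

// restrict keeps only the ids the see-rule allows; any rule error aborts.
func restrict(ids []int, see func(int) (bool, error)) ([]int, error) {
	var out []int
	for _, id := range ids {
		ok, err := see(id)
		if err != nil {
			return nil, fmt.Errorf("restricting option/%d: %w", id, err)
		}
		if ok {
			out = append(out, id)
		}
	}
	return out, nil
}

func main() {
	fmt.Println(restrict([]int{1, 2, 3}, seeOptionNaive))
	fmt.Println(restrict([]int{1, 2, 3}, seeOption))
}
```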
@ostcar Since the client cannot create any options, options will always be created when a poll is created; there will never be an option without a linked poll.
> So the question is: Do all options have a linked poll? If yes, then the example data are invalid. If not, the see-property of option has to be changed to handle options without a poll.
The example data might be invalid.
As a "normal" user (no OML, group "staff" in meeting/1), I sent this request:
The AU-service responds to me with this error:
The meeting/1 is the "default" meeting inserted by the `initial-data.json`. Can you explain to me why this error happens?