Sunbird-RC / community

Repo to enable discussions, issue tracking & documentation for the Sunbird-RC projects
MIT License

[BUG]: List Entity API is returning private properties in the response #1008

Open holashchand opened 5 months ago

holashchand commented 5 months ago

What is the bug related to?

Registry Core

What went wrong?

Steps to reproduce -

  1. Create a Schema, i.e. User, with the below properties in configuration
    ...
    "privateFields": ["$.Name", "$.Gender", "$.Phone", "$.email", "$.password"],
    "roles": ["admin", "User"],
    "inviteRoles": ["admin"],
    "ownershipAttributes": [
      {
        "email": "/email",
        "mobile": "/Phone",
        "userId": "/Phone",
        "password": "/password"
      }
    ]
    ...
  2. Use the API GET /api/v1/User with user token
  3. Observe that when using the User token for the user being created here, it doesn't return private property fields, but when using an admin token, it returns the expected response

What did you expect to see?

Private fields should be accessible with both a role's token and the token of the user in the ownership attributes

Additional Context

No response

Relevant logs/output (if any)

No response
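
The access rule the report expects for list responses can be written down as a per-entity check, shown here as an added example that is not Sunbird-RC code and not part of the original issue. The function names, the caller shape (`user_id`, `roles`), the ownership match on the `userId` pointer and the `City` field are assumptions made for illustration.

```python
import copy

# Constructed schema fragment; the values are the ones quoted in the report.
CONFIG = {
    "privateFields": ["$.Name", "$.Gender", "$.Phone", "$.email", "$.password"],
    "roles": ["admin", "User"],
    "ownershipAttributes": [{"email": "/email", "mobile": "/Phone",
                             "userId": "/Phone", "password": "/password"}],
}
# Constructed sample entities; "City" is a hypothetical non-private field.
USERS = [
    {"Name": "Asha", "Gender": "F", "Phone": "9000000001",
     "email": "asha@example.test", "password": "x1", "City": "Pune"},
    {"Name": "Ravi", "Gender": "M", "Phone": "9000000002",
     "email": "ravi@example.test", "password": "x2", "City": "Delhi"},
]

def pointer_get(entity, pointer):
    """Resolve a simple JSON pointer such as "/Phone" (escape sequences not handled)."""
    node = entity
    for part in pointer.strip("/").split("/"):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def is_owner(entity, config, caller):
    """Assumption: ownership means the token's user_id equals the value found at
    the "userId" pointer of an ownershipAttributes entry."""
    for attrs in config.get("ownershipAttributes", []):
        value = pointer_get(entity, attrs.get("userId", ""))
        if value is not None and value == caller.get("user_id"):
            return True
    return False

def can_read_private(entity, config, caller):
    """Expected rule from the report: a configured role OR ownership grants access."""
    has_role = bool(set(caller.get("roles", [])) & set(config.get("roles", [])))
    return has_role or is_owner(entity, config, caller)

def list_view(entities, config, caller):
    """Per-entity view for a list call; only top-level "$.Field" paths are handled."""
    private = [p[2:] for p in config.get("privateFields", []) if p.startswith("$.")]
    views = []
    for entity in entities:
        view = copy.deepcopy(entity)
        if not can_read_private(entity, config, caller):
            for name in private:
                view.pop(name, None)
        views.append(view)
    return views
```

A check of this shape works as a regression test for the list endpoint: the decision is made per entity, so an owner without a configured role sees private fields on their own record only.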