Closed nombrekeff closed 3 years ago
Checking the code, actually only superadmin and owner are able to access this endpoint. @santoslluis any thoughts about this?
Yup, my idea is that Admin users can only list and get users that belong to their application.
Cause it does not make sense that only we can list users, admins should also be allowed to list them, I think. As they are the maximum authority in that Application.
What do you think? @santoslluis @Nota46
@nombrekeff I've implemented this change; now admins are able to retrieve a user if this user belongs to the same application. Close this issue if it works when you try from the panel. Thank you!
Short description
I'm trying to get a user, using GET /user/users/:id, me being an admin. But it throws 403 Access Denied. I'm reporting this from Recogeme.
What I want to accomplish?
I need to be able to list the user that created a record, but when trying to request it, it does not allow me to. It throws a 403 error.
I'm logged in with user: rafa@recogeme.es. The user is the admin.
The error arises when I request any user, for example, https://api.caste.qbitartifacts.com/user/users/56de913c-8678-11eb-a80f-02420a001305
Info
Env: PRE
Realm: recogeme
Failing request: GET /user/users/56de913c-8678-11eb-a80f-02420a001305
User type: ADMIN
User: rafa@recogeme.es (a5f4a29a-8bbf-11eb-831f-02420a001302)

Is this a bug or am I doing something incorrectly?
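
The rule the thread settles on (superadmin and owner may read any user, an admin only users of the same application) can be expressed as a deny-by-default check. This is an added example, not part of the thread and not the project's code; every name in it (`canReadUser`, `getUser`, `listUsers`, the record shape) is hypothetical, the sample records are constructed, and treating owner as unrestricted is an assumption.

```javascript
// Added illustration; all identifiers and records below are hypothetical/constructed.
const ROLE = Object.freeze({ SUPERADMIN: 'SUPERADMIN', OWNER: 'OWNER', ADMIN: 'ADMIN', USER: 'USER' });

// Constructed sample data: two applications, one admin in each, one superadmin.
const USERS = new Map([
  ['u-admin-a', { id: 'u-admin-a', role: ROLE.ADMIN, application: 'app-a' }],
  ['u-member-a', { id: 'u-member-a', role: ROLE.USER, application: 'app-a' }],
  ['u-admin-b', { id: 'u-admin-b', role: ROLE.ADMIN, application: 'app-b' }],
  ['u-root', { id: 'u-root', role: ROLE.SUPERADMIN, application: null }],
]);

// Decide whether `caller` may read `target`. Anything not explicitly allowed is denied.
function canReadUser(caller, target) {
  if (!caller || !target) return false;
  if (caller.role === ROLE.SUPERADMIN || caller.role === ROLE.OWNER) return true;
  if (caller.role === ROLE.ADMIN) {
    // Compare applications from the stored records, never from a value the
    // client sends; a null application must not match another null.
    return caller.application != null && caller.application === target.application;
  }
  return false;
}

// Handler logic for GET /user/users/:id, returning an HTTP-like result.
function getUser(callerId, targetId) {
  const caller = USERS.get(callerId);
  if (!caller) return { status: 401 };
  const target = USERS.get(targetId);
  // Unknown id and "belongs to another application" both yield 403, so the
  // status code cannot be used to learn which ids exist in other applications.
  if (!target || !canReadUser(caller, target)) return { status: 403 };
  return { status: 200, body: { id: target.id, role: target.role, application: target.application } };
}

// List logic: the same rule applied as a filter, so get and list cannot drift apart.
function listUsers(callerId) {
  const caller = USERS.get(callerId);
  if (!caller) return { status: 401 };
  const body = [...USERS.values()].filter((u) => canReadUser(caller, u)).map((u) => u.id);
  return { status: 200, body };
}
```
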