apostrophecms / apostrophe-headless

Add REST APIs to your Apostrophe "pieces," powering your React/Vue/etc. apps with a headless CMS.
MIT License

Upload of attachments not working while logged in #49

Open RyamBaCo opened 4 years ago

RyamBaCo commented 4 years ago

On our Apostrophe website we implemented Vue components interacting with Apostrophe pieces using apostrophe-headless. When I'm logged in to Apostrophe and try to upload files by POST against api/v1/attachments, I receive "forbidden" as the response string with a 403 response. When I'm not logged in, everything works fine.

On further debugging it occurs that in api.js the self.apos.permissions-check for "edit-attachment" fails. The initial can-request to apostrophe-permissions returns true, but somehow one of the "can"-listeners sets info.response to false. I currently hack-fixed it by putting

    self.apos.on("can", async function (req, action, object, info) {
      if (action === "edit-attachment" && !info.response) {
        info.response = true;
      }
    });

in my code. But I guess that this shouldn't be the solution.
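
To find which listener flips the decision, and to see what the workaround above changes once it is registered, here is an added stand-alone model of a veto-style "can" event. It is not Apostrophe's or the poster's code; the two veto listeners and their rules are assumptions constructed for the demonstration.

```javascript
// Minimal model of a veto-style permission event. Not Apostrophe's code:
// the veto listeners and their rules are constructed for illustration.
function createPermissions() {
  const listeners = [];
  return {
    on(fn) { listeners.push(fn); },
    // Run every listener in order and record who changed info.response.
    trace(req, action, object, initial) {
      const info = { response: initial };
      const changes = [];
      for (const fn of listeners) {
        const before = info.response;
        fn(req, action, object, info);
        if (info.response !== before) {
          changes.push(`${fn.name}: ${before} -> ${info.response}`);
        }
      }
      return { allowed: info.response, changes };
    }
  };
}

// Hypothetical veto: logged-in users outside a draft locale may not edit.
function localeVeto(req, action, object, info) {
  if (req.user && req.locale !== 'draft') info.response = false;
}
// Hypothetical veto: suspended accounts may not edit anything.
function suspendedVeto(req, action, object, info) {
  if (req.user && req.user.suspended) info.response = false;
}
// The workaround from the issue, unchanged in behaviour.
function blanketOverride(req, action, object, info) {
  if (action === 'edit-attachment' && !info.response) info.response = true;
}

function demo() {
  const perms = createPermissions();
  perms.on(localeVeto);
  perms.on(suspendedVeto);
  const editor = { user: { name: 'editor' }, locale: 'live' };
  const suspended = { user: { name: 'old', suspended: true }, locale: 'draft' };
  const before = perms.trace(editor, 'edit-attachment', null, true);
  perms.on(blanketOverride); // registered last, as in the issue
  return {
    before,
    editor: perms.trace(editor, 'edit-attachment', null, true),
    suspended: perms.trace(suspended, 'edit-attachment', null, true)
  };
}
console.log(JSON.stringify(demo(), null, 2));
```

The trace names the listener that turned the initial `true` into `false`, which is the fact needed for a failing test; it also shows that the override re-grants `edit-attachment` after every veto, not only the one that caused the 403.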

boutell commented 4 years ago

Hmm. Is workflow present?

--

THOMAS BOUTELL | CHIEF TECHNOLOGY OFFICER APOSTROPHECMS | apostrophecms.com | he/him/his

boutell commented 4 years ago

The tests on this feature do pass, so I'd recommend contributing a failing test.
