arangodb / arangodb-php

PHP ODM for ArangoDB
https://www.arangodb.com
Apache License 2.0
183 stars 44 forks

`UserHandler->getDatabases` not getting 401 response with ArangoDB 3.2 when user has no access #228

Closed frankmayer closed 6 years ago

frankmayer commented 6 years ago

@jsteemann I am posting this here because I am not sure if it should be 403 or 401 in those cases that fail (see test on travis). However, I think there should be some 40x response at this point.

While re-running the ArangoDB-PHP test suite before tagging the 3.2.0 release of the PHP driver, several errors came up that were not there in a prior test with some of the early betas. Test: https://travis-ci.org/arangodb/arangodb-php/jobs/251986282

Three of the tests expect to get an exception from the server, stating that the user has no access to the _system database (or even a 403 that the user has no access at all?).

How to recreate this:

1) Create a user with permissions to the _system DB.
2) Revoke the permissions.
3) Check with the API URL `GET /_api/user/{user}/database/`

Expected result: return with 401 (or 403)

Actual: 200 OK with an empty result object

jsteemann commented 6 years ago

Thanks for reporting this. It is indeed a bug. I have fixed it locally and opened a PR for the ArangoDB main repository. When it is accepted and we have a nightly build that contains the changes, I will update this issue.

jsteemann commented 6 years ago

Should be fixed by now.