STdevK
commented
2 months ago Investigation revealed the team added created_object permission recently, but lost their delete_object permission. It was found out that when calling the api to putPolicy (when you modify permission policy/statement), what actually happens is that the old policy and statement will be overridden by the new one, instead of adding the new statement on the top of the existing ones. please put all the permission they want for one policy into one request, instead of send in multiple putPolicy requests.
System information
Greenfieldscan explorer data and chain data seem mismatched.
Expected behaviour
when calling the policy from the chain, the permission is only delete_object.
Actual behaviour
greenfieldscan explorer shows the permission of address 0xccC793c4D92f7c425Ef5C2b418b9186ad180708d for bucket (test-c6b1) is create_object and delete_object. https://testnet.greenfieldscan.com/bucket/0x0000000000000000000000000000000000000000000000000000000000004632?tab=permission
Steps to reproduce the behaviour
Backtrace
When submitting logs: please submit them as text and not screenshots.