directus / v8-archive

Directus Database API — Wraps Custom SQL Databases with a REST/GraphQL API
https://docs.directus.io/api/reference.html

Bug with the Users Permissions #2092

Open iksent opened 4 years ago

iksent commented 4 years ago

• Version of Directus: 8.8.1
• Server, OS & Database Details: PHP web hosting, MySQL 5.6

• Steps to Reproduce

  1. Create new role "Manager"
  2. Set the following permissions for the Users:

[Screenshots: 2020-08-27_10-03-34, 2020-08-27_10-03-55, 2020-08-27_10-04-00]

  3. Log in as Manager and everything looks OK; editing fields of another manager is blocked as expected: [screenshot 2020-08-27_10-06-29]

  4. But then uncheck the "Status" field for the manager role: [screenshot 2020-08-27_10-07-32]

  5. And the form will be broken: all the fields are editable (but the API rejects any changes): [screenshot 2020-08-27_10-08-19]

BONUS PROBLEM:

  1. Also uncheck the "Role": [screenshot 2020-08-27_10-11-59]

  2. And the admin panel will be disabled completely for manager users: [screenshot 2020-08-27_10-11-46]

If it is impossible to use the admin panel without the roles, then maybe you need to remove the ability to uncheck it?

woeterman94 commented 4 years ago

Fixed it by setting permissions of my role like this. [screenshot]