Closed bryanboza closed 6 years ago
Tested after the last changes and we still having the same problem, but to reproduce you should add some pieces of content to the content type before change the permissions... Seems the problems can be with the reset all permissions process. To recreate:
FYI: After reindex we are unable to get these contents
Ok, after test the last changes, now the original problem has been fixed, but now we are having another problem with permissions:
@bryanboza actually, permissions are loaded lazily. This means that if you change permissions without first loading the content, it will get the new permissions. A bug would be:
Ok @wezell, actually your case works as expected, but if you try to reproduce my case on demo.dotcms.com, we have a totally different behavior. Steps:
However we have two roles, the default and the new one. SC: https://screencast.com/t/10RVNQko
Note to QA: After a meeting with Will we realize the issue reported in this https://github.com/dotCMS/core/issues/12536#issuecomment-333656959 is an expected behaviour.
Fixed...
We have problems validating permissions in the content API when you try to get content via REST, this because an anonymous user can get private content.
Expected Behavior
We should validate if the requesting user have permissions to get the requested content
Current Behavior
An anonymous user is able to get content from any content type, without validate if have permissions or not
Steps to Reproduce (for bugs)
Your Environment
Tested on master // Postgres // Postman