dotCMS / core

Headless/Hybrid Content Management System for Enterprises
http://dotcms.com

Pulling categories via the API requires CMS Anonymous view permissions on the category #28286

Open swicken-dotcms opened 6 months ago

swicken-dotcms commented 6 months ago

Parent Issue

No response

Problem Statement

When pulling a contentlet via the API that has a category field, if the category does not have CMS Anonymous view permissions it is not included in the API response.

This is accompanied by a WARN message in the dotCMS logs:

WARN  strategy.DefaultTransformStrategy - An error occurred when adding Categories to Contentlet with ID '68434398-fa40-410a-89ac-3fad66f28630': User 'anonymous' doesn't have READ permission on Category 'dd98af23-c4ac-472b-aed4-60d67a797469'

Steps to Reproduce

  1. From a demo starter, remove CMS Anonymous permissions from the 'Product Line' category
  2. Pick a product from the contentlet search
  3. Go to the History tab and click 'JSON' to get the API response
  4. The Category field will not be included, and your logs will show the WARN message

Acceptance Criteria

  1. Categories should be pulled based on the permissions of the user that is making the API call and not CMS Anonymous

dotCMS Version

master, 23.10, 23.01

Proposed Objective

Technical User Experience

Proposed Priority

Priority 2 - Important

External Links... Slack Conversations, Support Tickets, Figma Designs, etc.

Customer ticket

Assumptions & Initiation Needs

No response

Quality Assurance Notes & Workarounds

No response

Sub-Tasks & Estimates

No response

github-actions[bot] commented 3 months ago

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days.
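
For triage, the WARN line quoted in the issue can be used to list which categories are being left out of API responses and for which contentlets. The Python below is an added example, not dotCMS code; it assumes log lines in the format quoted in the issue (any timestamp or thread prefix is ignored), and every sample line except the first is constructed.

```python
import re
from collections import defaultdict

# Matches the WARN line quoted in the issue. Text before "WARN" is not
# anchored, because the issue shows the line without any prefix.
WARN_RE = re.compile(
    r"WARN\s+strategy\.DefaultTransformStrategy - An error occurred when "
    r"adding Categories to Contentlet with ID '(?P<contentlet>[^']+)': "
    r"User '(?P<user>[^']+)' doesn't have READ permission on "
    r"Category '(?P<category>[^']+)'"
)

def dropped_categories(lines):
    """Map (user, category id) -> sorted contentlet ids for which the
    permission warning was logged. Duplicate log lines are collapsed."""
    hits = defaultdict(set)
    for line in lines:
        m = WARN_RE.search(line)
        if m:
            hits[(m["user"], m["category"])].add(m["contentlet"])
    return {key: sorted(ids) for key, ids in hits.items()}

# First line is the one from the issue; the rest are constructed samples.
ISSUE_LINE = (
    "WARN  strategy.DefaultTransformStrategy - An error occurred when adding "
    "Categories to Contentlet with ID '68434398-fa40-410a-89ac-3fad66f28630': "
    "User 'anonymous' doesn't have READ permission on Category "
    "'dd98af23-c4ac-472b-aed4-60d67a797469'"
)
SAMPLE_LOG = [
    ISSUE_LINE,
    ISSUE_LINE.replace("68434398-fa40-410a-89ac-3fad66f28630",
                       "constructed-contentlet-0002"),
    ISSUE_LINE,  # repeated request for the same contentlet
    "INFO  some.other.Logger - unrelated line (constructed)",
]

if __name__ == "__main__":
    for (user, category), contentlets in dropped_categories(SAMPLE_LOG).items():
        print(f"user={user} category={category} "
              f"affected_contentlets={len(contentlets)}")
        for cid in contentlets:
            print(f"  {cid}")
```

A category that appears here with user `anonymous` while the request was made by an authenticated user matches the behaviour the issue reports.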