search

dotCMS / core

Headless/Hybrid Content Management System for Enterprises
http://dotcms.com
Other
866 stars 467 forks source link

Indexcount API Not Respecting Permissions #29297

Open Neehakethi opened 4 months ago

Neehakethi commented 4 months ago

Parent Issue

No response

Problem Statement

Issue Description

When using the indexcount API, it does not respect the permissions of the logged-in user, while the query API does. This inconsistency causes issues with pagination in our image browser.

Steps to Reproduce

  1. Log in to demo with a user with limited permissions (e.g., "Contributer").
  2. Use the following API call to get the index count of the image content type /api/content/indexcount/+contentType
  3. Use the following API call to query images: /api/content/query/+contentType/limit/20/offset/0
  4. Observe that the index count API returns a count that does not respect the user's permissions, whereas the query API returns the correct results based on permissions.

Expected Behavior

The indexcount API should return the count of images that the logged-in user has permission to view.

Actual Behavior

The indexcount API returns the total count of all images, ignoring the user's permissions.

dotCMS Version: 24.04.24_lts_v3

Screenshot 2024-07-18 at 8 39 52 AM Screenshot 2024-07-18 at 8 40 38 AM

Acceptance Criteria

The indexcount API should return the count of images that the logged-in user has permission to view.

dotCMS Version

dotCMS Version: 24.04.24_lts_v3

Proposed Objective

Core Features

Proposed Priority

Priority 3 - Average

External Links... Slack Conversations, Support Tickets, Figma Designs, etc.

https://dotcms.zendesk.com/agent/tickets/117196

Assumptions & Initiation Needs

No response

Quality Assurance Notes & Workarounds

No response

Sub-Tasks & Estimates

No response

github-actions[bot] commented 1 month ago

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days.