dotkernel / api

DotKernel's PSR-7 REST style API built around the Mezzio API skeleton.
https://docs.dotkernel.org/api-documentation/
MIT License

Logged admin errors on some user related endpoints #149

Closed OnitaAndrei closed 1 year ago

OnitaAndrei commented 2 years ago
POST {{APPLICATION_URL}}/user/my-avatar
GET {{APPLICATION_URL}}/user/my-avatar
DEL {{APPLICATION_URL}}/user/my-avatar
DEL {{APPLICATION_URL}}/user/my-account
GET {{APPLICATION_URL}}/user/my-account
PATCH {{APPLICATION_URL}}/user/my-account

These throw error messages when accessed by a logged-in Admin, because the endpoints search for a logged-in User.

bidi47 commented 2 years ago

@arhimede, you mentioned the permission inheritance during the call we had regarding this. Rather than changing the code, a simpler solution would be to work in authorization.global.php. The admin role now inherits all of the user's permissions:

UserRole::ROLE_USER => [AdminRole::ROLE_ADMIN],

But if we separate the permission list for the admin, then it won't come into conflict with, e.g., the user's avatar.

As a side note, I noticed a typo in the comment in the above file:

  • Example: 'roles' => [ 'A' => [], 'B' => ['A'], 'C' => ['B'], ],
    • A has no parent role.
    • B has A as a parent. That means A inherits the permissions of B.
    • C has B as a parent. That means C inherits the permissions of B, and A inherits the permissions of C.

The last line should be 'B inherits the permissions of C'.
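As an added illustration (not DotKernel's or Mezzio's code) of why the inherited config lets an admin reach the user-only endpoints: the function below resolves effective permissions from a `'roles'` array using laminas-rbac semantics, where a role listed as a parent inherits the permissions of its children. The permission names and both configs are constructed for this example.

```php
<?php
declare(strict_types=1);

// Constructed example, not DotKernel code. The config layout is the one used by
// mezzio-authorization-rbac: role => [parent roles]. In laminas-rbac a PARENT
// inherits the permissions of its CHILDREN, so 'user' => ['admin'] hands every
// user permission to admin.
function effectivePermissions(array $roles, array $permissions): array
{
    // Invert child => [parents] into parent => [children].
    $children = [];
    foreach ($roles as $role => $parents) {
        $children[$role] ??= [];
        foreach ($parents as $parent) {
            $children[$parent][] = $role;
        }
    }
    $resolve = function (string $role, array $seen = []) use (&$resolve, $children, $permissions): array {
        if (isset($seen[$role])) {
            return []; // guard against a cyclic config
        }
        $seen[$role] = true;
        $granted = $permissions[$role] ?? [];
        foreach ($children[$role] ?? [] as $child) {
            $granted = array_merge($granted, $resolve($child, $seen));
        }
        return array_values(array_unique($granted));
    };
    $result = [];
    foreach (array_keys($children) as $role) {
        $result[$role] = $resolve($role);
    }
    return $result;
}

// Hypothetical permission names; the real lists live in authorization.global.php.
$permissions = [
    'admin' => ['admin.list', 'admin.create'],
    'user'  => ['user.my-account.view', 'user.my-avatar.create'],
];

// Inheriting config, as in the issue: admin is the parent of user.
$inherited = effectivePermissions(['admin' => [], 'user' => ['admin']], $permissions);
// Separated config: each role keeps only its own list.
$separated = effectivePermissions(['admin' => [], 'user' => []], $permissions);

printf("inherited admin: %s\n", implode(', ', $inherited['admin']));
printf("separated admin: %s\n", implode(', ', $separated['admin']));
```

With the inheriting config, admin is granted the `user.my-*` permissions and so passes authorization on the user endpoints whose handlers then fail to find a logged-in User; with the separated config it is not.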

bidi47 commented 2 years ago

updated in https://github.com/dotkernel/api/pull/151

bidi47 commented 1 year ago

tested and merged