ember-nexus / api

Knowledge Graph API
https://ember-nexus.github.io/api
GNU Affero General Public License v3.0

Missing write access to relations in specific cases #230

Open Syndesi opened 6 months ago

Syndesi commented 6 months ago

Scenario: MATCH (user {id: '7e86b9ec-b1dc-4aed-a627-eb77b265e12c'})-[*1..]->(element) RETURN user, element.

[Screenshot: Neo4j Browser result for the query above, taken 2023-12-24]

Read access to the relation with id e293d714-9dd3-4186-b0e5-c7531cf74baa is working:

curl http://localhost/e293d714-9dd3-4186-b0e5-c7531cf74baa -H "Authorization: Bearer secret-token:PIPeJGUt7c00ENn8a5uDlc" -i
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Authorization, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method
Access-Control-Allow-Methods: GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK
Allow: GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK
X-Powered-By: Ember-Nexus-API
Content-Type: application/json; charset=utf-8
Cache-Control: no-cache, private
Date: Sun, 24 Dec 2023 14:38:26 GMT
X-Debug-Token: b5db41
X-Debug-Token-Link: http://localhost/_profiler/b5db41
Server: Unit
Transfer-Encoding: chunked

{"type":"HAS_TAG","id":"e293d714-9dd3-4186-b0e5-c7531cf74baa","start":"5bd2a18a-6d26-4fcd-99a7-9705794b63fc","end":"45482998-274a-43d0-a466-f31d0b24cc0a","data":{"created":"2023-12-24T11:50:13+00:00","updated":"2023-12-24T11:50:13+00:00"}}

Write access, however, is denied:

curl -X PATCH http://localhost/e293d714-9dd3-4186-b0e5-c7531cf74baa -H "Content-Type: application/json" -d '{"type": "Test2"}' -H "Authorization: Bearer secret-token:PIPeJGUt7c00ENn8a5uDlc" -i
HTTP/1.1 404 Not Found
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Authorization, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method
Access-Control-Allow-Methods: GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK
Allow: GET, HEAD, POST, OPTIONS, PUT, PATCH, DELETE, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK
X-Powered-By: Ember-Nexus-API
Content-Type: application/problem+json; charset=utf-8
Cache-Control: no-cache, private
Date: Sun, 24 Dec 2023 14:46:06 GMT
X-Debug-Token: b3d20e
X-Debug-Token-Link: http://localhost/_profiler/b3d20e
Server: Unit
Transfer-Encoding: chunked

{"type":"http://localhost/error/404/not-found","title":"Not found","status":404,"detail":"Requested element was not found.","exception":{...}}

As the user has OWNS access to the start node and READ access to the end node, write access should be permitted.
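As an added illustration (this is not code from the ember-nexus/api project, which is PHP), the following Python model reproduces the decision the report is about: a user who owns the start node and can read the end node requests first a GET and then a PATCH on the relation between them. The access levels, the two rules (reading a relation needs READ on both endpoints; writing it needs OWNS on the start node and READ on the end node, as the reporter expects), and the rule that a readable-but-unwritable element answers 403 rather than 404 are assumptions of this example. The ids are the ones quoted in the report; the extra users are constructed.

```python
from dataclasses import dataclass, field
from enum import IntEnum

# Ids quoted in the report (real values from the issue, reused here as sample data).
USER_ID = "7e86b9ec-b1dc-4aed-a627-eb77b265e12c"
RELATION_ID = "e293d714-9dd3-4186-b0e5-c7531cf74baa"
START_NODE_ID = "5bd2a18a-6d26-4fcd-99a7-9705794b63fc"
END_NODE_ID = "45482998-274a-43d0-a466-f31d0b24cc0a"


class Access(IntEnum):
    """Per-node access levels, ordered so a higher level implies the lower ones.
    READ and OWNS are the levels named in the report; NONE is this example's
    marker for "no grant at all" (assumed)."""
    NONE = 0
    READ = 1
    OWNS = 2


@dataclass
class Relation:
    id: str
    type: str
    start: str  # id of the start node
    end: str    # id of the end node


@dataclass
class Graph:
    relations: dict = field(default_factory=dict)   # relation id -> Relation
    grants: dict = field(default_factory=dict)      # (user id, node id) -> Access

    def access(self, user: str, node: str) -> Access:
        return self.grants.get((user, node), Access.NONE)


def can_read_relation(g: Graph, user: str, rel: Relation) -> bool:
    # Assumed rule: a relation is readable only when both endpoints are readable.
    # This matches the GET that succeeded in the report.
    return (g.access(user, rel.start) >= Access.READ
            and g.access(user, rel.end) >= Access.READ)


def can_write_relation(g: Graph, user: str, rel: Relation) -> bool:
    # The reporter's expectation: OWNS on the start node plus READ on the end
    # node is sufficient to modify the relation.
    return (g.access(user, rel.start) >= Access.OWNS
            and g.access(user, rel.end) >= Access.READ)


def handle_get(g: Graph, user: str, rel_id: str) -> int:
    """Return the HTTP status a GET on the relation should produce."""
    rel = g.relations.get(rel_id)
    if rel is None or not can_read_relation(g, user, rel):
        return 404  # unreadable elements are indistinguishable from absent ones
    return 200


def handle_patch(g: Graph, user: str, rel_id: str) -> int:
    """Return the HTTP status a PATCH on the relation should produce."""
    rel = g.relations.get(rel_id)
    if rel is None or not can_read_relation(g, user, rel):
        return 404  # same visibility rule as GET, so the two stay consistent
    if not can_write_relation(g, user, rel):
        return 403  # the user can already read it, so "not found" would be wrong
    return 200


def build_report_graph() -> Graph:
    """Graph holding the relation from the report plus two constructed users."""
    g = Graph()
    g.relations[RELATION_ID] = Relation(RELATION_ID, "HAS_TAG", START_NODE_ID, END_NODE_ID)
    # The reporting user: OWNS the start node, READ on the end node.
    g.grants[(USER_ID, START_NODE_ID)] = Access.OWNS
    g.grants[(USER_ID, END_NODE_ID)] = Access.READ
    # Constructed "reader": READ on both endpoints only.
    g.grants[("reader", START_NODE_ID)] = Access.READ
    g.grants[("reader", END_NODE_ID)] = Access.READ
    # Constructed "stranger": no grants at all.
    return g


if __name__ == "__main__":
    g = build_report_graph()
    for user in (USER_ID, "reader", "stranger"):
        print(user, "GET", handle_get(g, user, RELATION_ID),
              "PATCH", handle_patch(g, user, RELATION_ID))
```

Running the script shows the three outcomes side by side: the reporting user gets 200 on both GET and PATCH (the behaviour the issue asks for), the read-only user gets 200 then 403, and the user with no grants gets 404 on both. The point of routing PATCH through the same readability check as GET is that a write endpoint never answers differently about an element's existence than the read endpoint just did, which is exactly the inconsistency visible in the two curl transcripts above.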