When creating a read/write role with f:allNodes, queries using that role via opts: { role } behave as expected. HOWEVER, when creating a read-only role with f:allNodes, queries fail to behave as expected, returning [].
This is to say, the following f:Policy allows read-access (and write-access) to all data:
Description
Discovered during testing of fluree/core#61
When creating a read/write role with
f:allNodes
, queries using that role viaopts: { role }
behave as expected. HOWEVER, when creating a read-only role withf:allNodes
, queries fail to behave as expected, returning[]
.This is to say, the following
f:Policy
allows read-access (and write-access) to all data:But if you simply remove
{ "@id": "f:modify" }
, then the same role has no read-access to the data:Steps to Reproduce
Create ledger
Add Policy (note
f:allNodes
&f:view
withoutf:modify
)Query as
ex:rootRole
(note that if we had usedf:view
ANDf:allow
on the policy, this query succeeds)