Closed parkernilson closed 10 months ago
I believe that somehow, the way we are using the `getAdminClient` function is causing the `locals.pb` client to get authenticated as an admin. I recreated the same `getOne` call with a non-admin user in a different repo and an empty id string, and the response is "must be an admin to do this". Therefore, I believe it has to do with authenticating an admin client on the same process or something like that.
EDIT: Actually, this probably has to do with the API rules. If the user has permissions to list records in a collection, then it appears that the default behavior of `getOne("")` is to list all of the records.
The problem was that `use:enhance` will reset the form inputs by default, and in this case we do not want that. It has been resolved by using `update({ reset: false })`.
This should not be possible, since this behavior of pocketbase `getOne` should only return all documents if the pocketbase client is authenticated as admin. A possible fix would be to make sure that our local `getListItem` method returns an error when given an empty string, but this raises the question about whether our users are accidentally getting authenticated as admins somewhere in the pipeline.
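The fix suggested in the thread (reject an empty id before it reaches the SDK), written out as an added example that is not code from this issue or from PocketBase; the helper names `assertRecordId` and `getRecordById` and the id pattern are assumptions, and `pb` is any object exposing `collection(name).getOne(id)` like the PocketBase JS SDK client:

```javascript
// Added example: a defensive wrapper around collection.getOne() that refuses
// an empty or malformed record id instead of forwarding it, since the issue
// reports that getOne("") behaves like a list call when the caller has list
// permission on the collection.

// Assumption: default PocketBase-generated ids are 15 lowercase alphanumerics.
// Relax this pattern if the collection uses custom ids.
const RECORD_ID_PATTERN = /^[a-z0-9]{15}$/;

// Validate the id synchronously so a bad value fails before any request.
function assertRecordId(id) {
  if (typeof id !== "string" || id.trim() === "") {
    throw new Error("record id must be a non-empty string");
  }
  if (!RECORD_ID_PATTERN.test(id)) {
    throw new Error(`record id ${JSON.stringify(id)} is not a valid record id`);
  }
  return id;
}

// Deliberately not `async`: the id check throws synchronously, so a caller
// (or a test) sees the validation failure without awaiting a rejection.
function getRecordById(pb, collectionName, id) {
  const validId = assertRecordId(id);
  return pb.collection(collectionName).getOne(validId).then((record) => {
    // A single-record call must never come back shaped like a list page.
    if (record && Array.isArray(record.items)) {
      throw new Error("getOne returned a list instead of a single record");
    }
    return record;
  });
}
```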