Closed dpfaffenbauer closed 4 years ago
I agree.
@dpfaffenbauer see https://github.com/pimcore/data-hub/blob/master/doc/graphl/Security.md regarding error handling.
Default setting is that such things get silently dropped. If this isn't the case then it sounds like a bug.
then it is a bug ;)
@dpfaffenbauer , can you describe your data model in more detail? Is it a manytoonerelation, an image, hotspotimage, etc we are talking about ?
that is the query:
{
getProductListing(first: 1, filter: "{\"o_modificationDate\": {\"$gte\" : \"1586800000\"}}") {
edges {
node {
abiscoId
images{
...on hotspotimage{
image{
fullpath
}
}
}
}
}
}
}
As you can see, it is a gallery with hotspot images.
DataHub Config is pretty simple:
Allowed Assets but only allowed folder "/products". When you then upload an image to lets say "/default_upload_bucket" it fails.
also related: https://github.com/pimcore/data-hub/issues/194
awesome, thanks
This is more a discussion than a bug-report. When you configure Data-Hub to only allow assets from folder "/products" and you create a query for an object that has an image outside that folder, DataHub triggers an internal server error/permission denied error.
Whereas IMO: It should just not serve the image. WDYT?