🐛 Bug Report: Nested update, permission issue #5404
Comments
@Heargo thanks for creating this issue! 🙏🏼 I think this is happening because we're checking permissions using everything in the document: appwrite/app/controllers/api/databases.php Line 3290 in 62bdc77
Rather than just what's passed in. I'm thinking we can solve this issue if I move that to after the permission check.
A user should be able to update a document without touching the relationship. Relates: #5404
This has been solved in 1.4
👟 Reproduction steps
SETUP
I have a collection Player that is related to the collection playerAttributes and playerAttributes is related to the collection Attributes:
Player -> playerAttributes -> Attributes.
User A creates multiple documents in Attributes. He has all permissions on these documents.
User B creates a player and has all permissions for the player and playerAttributes documents created.
However, the playerAttributes documents are linked to already created documents in Attributes and the user B only has read permission for the Attributes collection.
👍 Expected behavior
The user B should be able to update the player name as he has update permissions on the Player collection.
👎 Actual Behavior
When user B wants to update the player name, he gets the following error:
{"message":"The current user is not authorized to perform the requested action.","code":401,"type":"user_unauthorized","version":"1.3.1"}
This is because he doesn't have update permissions in the Attributes collection.
🎲 Appwrite version
Version 1.3.x
💻 Operating system
Linux
🧱 Your Environment
I used the Appwrite web SDK
👀 Have you spent some time to check if this issue has been raised before?
🏢 Have you read the Code of Conduct?
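The two checks contrasted in the maintainer comment (everything in the document versus only what is passed in), as an added PHP example that is not Appwrite's code. The document shape, function names, ids and users are assumptions modelled on the reproduction steps; it shows why the rename is refused under the first check and allowed under the second, while a request that reaches into Attributes is still refused.

```php
<?php
// Toy model (not Appwrite code): a document lists its updaters and embeds related documents by id.
function doc(array $updaters, array $data, array $related = []): array {
    return ['update' => $updaters, 'data' => $data, 'related' => $related];
}

// Behaviour reported in the issue: the caller needs update permission on
// every document reachable through the relationships, touched or not.
function allowedWholeTree(array $stored, string $user): bool {
    if (!in_array($user, $stored['update'], true)) {
        return false;
    }
    foreach ($stored['related'] as $child) {
        if (!allowedWholeTree($child, $user)) {
            return false;
        }
    }
    return true;
}

// Narrower check: update permission is required only where the request
// ($patch, same shape, holding just what was passed in) changes stored data.
function allowedChangedOnly(array $stored, array $patch, string $user): bool {
    foreach ($patch['data'] ?? [] as $key => $value) {
        $differs = !array_key_exists($key, $stored['data']) || $stored['data'][$key] !== $value;
        if ($differs && !in_array($user, $stored['update'], true)) {
            return false;
        }
    }
    foreach ($patch['related'] ?? [] as $id => $childPatch) {
        // Linking or creating nested documents is not modelled: reject it.
        if (!isset($stored['related'][$id])
            || !allowedChangedOnly($stored['related'][$id], $childPatch, $user)) {
            return false;
        }
    }
    return true;
}

// Constructed data mirroring the report: Player -> playerAttributes -> Attributes.
$attribute = doc(['userA'], ['label' => 'Strength']);
$link      = doc(['userB'], ['value' => 10], ['attr1' => $attribute]);
$player    = doc(['userB'], ['name' => 'Old name'], ['pa1' => $link]);
$rename    = ['data' => ['name' => 'New name']];
$editAttr  = ['related' => ['pa1' => ['related' => ['attr1' => ['data' => ['label' => 'Edited']]]]]];

var_dump(allowedWholeTree($player, 'userB'));              // whole-tree check for user B
var_dump(allowedChangedOnly($player, $rename, 'userB'));   // user B renames the player
var_dump(allowedChangedOnly($player, $editAttr, 'userB')); // user B edits an Attributes document
```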