Extra metadata endpoint return 403 even if the user has view perms #9842
Assignees
Labels
Milestone
Comments
mattiagiupponi
added
API v2
master
4.0.x
major
mattiagiupponi
added a commit
that referenced
this issue
Aug 10, 2022
mattiagiupponi
added a commit
that referenced
this issue
Aug 10, 2022
mattiagiupponi
added a commit
that referenced
this issue
Aug 10, 2022
mattiagiupponi
added a commit
that referenced
this issue
Aug 10, 2022
mattiagiupponi
added a commit
that referenced
this issue
Aug 10, 2022
#9843) (#9844) * [Fixes #9842] Extra metadata endpoint return 403 even if the user has view perms Co-authored-by: mattiagiupponi <[email protected]>
mattiagiupponi
added a commit
that referenced
this issue
Aug 17, 2022
[Fixes #9842] Extra metadata endpoint return 403 even if the user has view perms, add new test
github-actions bot
pushed a commit
that referenced
this issue
Aug 17, 2022
[Fixes #9842] Extra metadata endpoint return 403 even if the user has view perms, add new test
mattiagiupponi
added a commit
that referenced
this issue
Aug 17, 2022
[Fixes #9842] Extra metadata endpoint return 403 even if the user has view perms, add new test Co-authored-by: mattiagiupponi <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Expected Behavior
If a user with view perms reach /api/v2/resources/{resource_id}/extra_metadata/ it should be able to see the endpoint
Actual Behavior
The API raises a 403 since it checks the UserHasPerms class for each method defined in the @action class when the
self.get_object()is calledSteps to Reproduce the Problem
Specifications
The text was updated successfully, but these errors were encountered: