Skip to content
This repository has been archived by the owner on Jan 6, 2023. It is now read-only.
This repository has been archived by the owner on Jan 6, 2023. It is now read-only.

Users cannot patch collection_presets when update permissions set to "mine" #627

Closed
honzabilek4 opened this issue Dec 4, 2018 · 4 comments
Closed

Users cannot patch collection_presets when update permissions set to "mine" #627

honzabilek4 opened this issue Dec 4, 2018 · 4 comments
Labels
bug Something isn't working

Comments

@honzabilek4
Copy link

honzabilek4 commented Dec 4, 2018
edited
Loading

When collection_presets update permission is set to mine, which is by default. Regular user is unable to send PATCH request to update his record. This way it's impossible for them to customise their collection view unless the update permissions is manually set to all.

screenshot 2018-12-04 at 11 07 51

screenshot 2018-12-04 at 11 11 14
screenshot 2018-12-04 at 11 12 49
screenshot 2018-12-04 at 11 13 02

Here, you can see that the record with id 10 exists and is assigned to user with id 2, who is the currently logged in user.
screenshot 2018-12-04 at 11 18 39

System

  • API: [2.0.10]
  • Web Server: [Nginx 1.14.1]
  • PHP Version: [eg: 7.0.32]
  • Database: [eg: MySQL 5.7.24]
@honzabilek4 honzabilek4 added the bug Something isn't working label Dec 4, 2018
@benhaynes
Copy link
Sponsor Member

Thanks @honzabilek4 — we're on it!

@wellingguzman wellingguzman mentioned this issue Jan 4, 2019
Closed
This was referenced Jan 25, 2019
Closed
Closed
@wellingguzman
Copy link
Contributor

Also it should be noted that this also happens with any permission that needs to verify the owner of the item.

@wellingguzman
Copy link
Contributor

Another thing to add here is because at the moment we can't tell what field store the owner of collection_presets, we can't properly verify the permission using mine or role. The API tries to look for a field user_created type, and this should change for another field for owner, and one case of author this can be either a new type or a fixed logic.

@rijkvanzanten
Copy link
Member

For directus_collection_presets, we can use the user column for this purpose.

@binal-7span binal-7span mentioned this issue Mar 19, 2019
Merged
rijkvanzanten pushed a commit that referenced this issue Mar 19, 2019
@binal-7span @rijkvanzanten
Issue fix #627 (#837)
854d158 
* Remove unwanted code from previous push

* White space remove

* Fix: Users cannot patch collection_presets when update permissions set to 'mine'

* Remove redundunt function
Lapsus pushed a commit to Lapsus/api that referenced this issue May 8, 2019
@binal-7span @Lapsus
Issue fix directus#627 (directus#837)
b17bbf0 
* Remove unwanted code from previous push

* White space remove

* Fix: Users cannot patch collection_presets when update permissions set to 'mine'

* Remove redundunt function
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@benhaynes @wellingguzman @honzabilek4 @rijkvanzanten