Details
-
Type:
Bug
-
Status: Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: Mercury
-
Fix Version/s: All Time Backlog
-
Component/s: API
-
Labels:
-
Environment:
aml-sapi feature/mercury branch
Description
PermissionService#setProperty
Permissions in the database have a type and data field. Type is either one of R (Regex) or E (Javascript expression).
Changing one without changing the other could potentially break the permission.
ie. Permission "any" has Type=R and Data=*. *. *
Say Type is changed to E. However, Data is not a valid Javascript expression, thus the permission no longer works.
Any requests that require that permission will throw a 500 error.
Same is true for the other way around:
Say Data is changed to "resource != null". This is not valid Regex, so the same problem will occur.
An attempt to fix this can be found in the sapi-documentation-misc-changes branch.
