Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge PATCH doesn't work on permissions #1322

Closed
glasserc opened this issue Aug 18, 2017 · 3 comments
Closed

Merge PATCH doesn't work on permissions #1322

glasserc opened this issue Aug 18, 2017 · 3 comments
Labels
bug

Comments

@glasserc
Copy link
Contributor 

$ http -a 'user:pass' http://localhost:8888/v1/buckets/b4/collections/cc
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Expires, Content-Length, Pragma, Backoff, Cache-Control, Alert, Retry-After, ETag, Last-Modified
Cache-Control: no-cache, no-store
Content-Length: 182
Content-Type: application/json
Date: Fri, 18 Aug 2017 16:52:04 GMT
Etag: "1503075082664"
Last-Modified: Fri, 18 Aug 2017 16:51:22 GMT
Server: waitress
X-Content-Type-Options: nosniff

{
    "data": {
        "a": "whoo",
        "id": "cc",
        "last_modified": 1503075082664
    },
    "permissions": {
        "read": [
            "hi"
        ],
        "write": [
            "basicauth:08eee2542a2328390dfaa7390fa7df0d64a7081b44d629bfacd9b4e02bd2676d"
        ]
    }

Let's get rid of the read permissions.

$ http -a 'user:pass'  PATCH http://localhost:8888/v1/buckets/b4/collections/cc "Content-Type:application/merge-patch+json" data:='{"a": null}' permissions:='{"read": null}'
HTTP/1.1 400 Bad Request
Access-Control-Expose-Headers: Alert, Backoff, Content-Length, Retry-After
Content-Length: 215
Content-Type: application/json
Date: Fri, 18 Aug 2017 16:52:47 GMT
Server: waitress
X-Content-Type-Options: nosniff

{
    "code": 400,
    "details": [
        {
            "description": "\"None\" is not iterable",
            "location": "body",
            "name": "permissions.read"
        }
    ],
    "errno": 107,
    "error": "Invalid parameters",
    "message": "permissions.read in body: \"None\" is not iterable"
}

Note that JSON Patch does work by applying changes uniformly to data and permissions.
@glasserc glasserc mentioned this issue Aug 18, 2017
Merged
@leplatrem leplatrem added the bug label Aug 21, 2017
@gabisurita
Copy link
Member

gabisurita commented Oct 21, 2017
edited

Null read permissions is failing colander validation. This is easy to fix if we allow {"permissions": {"read": null} on PermissionsSchema, but that poses another problem: should we allow permissions to be null on "regular" JSON? Which would be the behavior? Do nothing? Or should we add some custom validation to raise an exception?

@gabisurita
Copy link
Member

related to Pylons/colander#299

@gabisurita gabisurita mentioned this issue Oct 21, 2017
Merged
2 tasks
@glasserc
Copy link
Contributor Author

glasserc commented Nov 2, 2017

Hmm, I think it's OK to disallow it for "regular" JSON. I like the solution in your PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@glasserc @leplatrem @gabisurita