Permalink
Browse files

Suppress field errors when serving a content through odata. (#144)

This change makes odata responses more robust. If a security error occurs during formatting a field (e.g. a field tries to access another content that the user does not have access to), it makes the whole response invalid by returning an error code. This change suppresses that exception and silently returns a *null* value.
  • Loading branch information...
tusmester committed Aug 10, 2017
1 parent 63f8be7 commit c4895cd63510ba9201e7514f3ac065e0496b1b3c
Showing with 13 additions and 1 deletion.
  1. +13 −1 src/Services/OData/ODataFormatter.cs
@@ -869,7 +869,19 @@ internal static object GetJsonObject(Field field, string selfUrl)
{
return ODataReference.Create(String.Concat(selfUrl, "/", field.Name));
}
data = field.GetData();
try
{
data = field.GetData();
}
catch (SenseNetSecurityException)
{
// The user does not have access to this field (e.g. cannot load
// a referenced content). In this case we serve a null value.
data = null;

SnTrace.Repository.Write("PERMISSION warning: user {0} does not have access to field '{1}' of {2}.", User.LoggedInUser.Username, field.Name, field.Content.Path);
}

var nodeType = data as NodeType;
if (nodeType != null)
return nodeType.Name;

0 comments on commit c4895cd

Please sign in to comment.