-
-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Permission Field Preset with Dynamic Variable #13806
Comments
Perhaps simpler reproduction is to
Dynamic Variable is not expanded - field value is |
This turns out to be an App-only bug, but the API does work as usual since the referenced PR #10576 was only dealing with the App.
I believe this may indeed be a permission issue, since Dynamic Variables are working API side. Here's an example: chrome_FNRnbYEGdt.mp4Notice that even though the App does indeed show the "unparsed" dynamic variable The same is happening for the DateTime reproduction 👍 so I'd recommend double checking your permissions settings (when it comes to relational fields) for this scenario if possible.
For the issue described here, the App is now truly affecting this use case since you need the organisation ID for the URL to be formed properly! But you also pointed out the query formed is correct, so it is indeed working API side. With that said, will get a PR up to fix this App side. Thanks again for the additional reproduction steps and elaborate descriptions. |
Thanks for looking into this and preparing a PR! As I mentioned in #9682 (reply in thread), I believe the Forbidden error comes up as an effect of having raw Dynamic Variable in a M2O type field at the time when form/ Item detail is opened. As you mentioned, the Dynamic Variable is indeed expanded/ replaced when form is being saved, however at the time the error popup is shown, value is not visible in the M2O field just after this request: GET 403 /items/organisations/%24CURRENT_USER.organisation_id?fields[]=name&fields[]=id
Content-Type: application/json; charset=utf-8
{"errors":[{"message":"You don't have permission to access this.","extensions":{"code":"FORBIDDEN"}}]} BTW: Error message comes from ForbiddenException and actually indicates rather parsing error then permission issue: directus/api/src/utils/validate-keys.ts Lines 23 to 25 in cd58611
Anyway I believe Your pull request will fix this case. |
Describe the Bug
I'm not able to use Dynamic Variable as default field value with Custom Role > Collection > Read > Field Preset
Suspect commit: #10576 (comment)
According to Docs > Filter Rules > Dynamic Variables it should work:
Use case
I'm setting up Directus for multi-tenancy with single database where every user and content item has a field Organisation.
For new content Items I'd like to prefill Organisation's field value to Users' Organisation (and even hide if it's possible).
Extensive description is available here: #9682 (reply in thread)
To Reproduce
Errors Shown
Value filled in as
$CURRENT_USER.email
insteadWhen field has type M2O (as described in Use case), an error pops up:
[Forbidden] You don't have permission to access this.
however I believe the root cause is in Dynamic Variables replacement issue.What version of Directus are you using?
9.12.1
What version of Node.js are you using?
16.15.1
What database are you using?
MySQL 5.7.32
What browser are you using?
Chrome
How are you deploying Directus?
locally
The text was updated successfully, but these errors were encountered: