You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Created a user role with the language restricted permissions, using the Directus Cloud Demo project. The goal is to restrict the user to only being able to edit pt-BR translations fields.
As long as the translations junction table entries exist, the role permissions seem to work as expected, but when the pt-BR junction entries don't exist for an existing article, then the user gets one of two errors depending on Articles Update permission:
{
"message": "You don't have permission to access this.",
"extensions": {
"code": "FORBIDDEN"
}
}
OR
The following fields have invalid values:
- languages_id: validationError.undefined
^^ Another user reported getting: languagesCode: value has to be pt
To Reproduce
Directus Cloud Demo project collection permissions for Language Restricted Role:
articles
Create - None
Read - All
Update - All (only way to get the actual junction table error)
Update - Ideally fields are restricted to Id and Translations with the following filter rule, but get Error: You don't have permission to access this
I believe this is the same confusion around validation only checking against the payload, not against the full final object. In this case, the app most likely only submits {id: 1, text: 'some Portuguese text'} to the API, which in turn causes the validation to fail, as language_id isn't set even though it already exists as such in the DB
Describe the Bug
Created a user role with the language restricted permissions, using the Directus Cloud Demo project. The goal is to restrict the user to only being able to edit pt-BR translations fields.
As long as the translations junction table entries exist, the role permissions seem to work as expected, but when the pt-BR junction entries don't exist for an existing article, then the user gets one of two errors depending on Articles Update permission:
OR
To Reproduce
Directus Cloud Demo project collection permissions for Language Restricted Role:
articles
Create - None
Read - All
Update - All (only way to get the actual junction table error)
Update - Ideally fields are restricted to Id and Translations with the following filter rule, but get
Error: You don't have permission to access this
articles_translations
Create: All Fields and filter
Read: All Fields and filter
Update: All Fields and filter
languages
Create: None
Read: All Fields and filter
Update: None
User with Language Restricted Role:
Errors Shown
OR
OR
What version of Directus are you using?
9.13.0 & 9.14.1
What version of Node.js are you using?
Directus Cloud
What database are you using?
Directus Cloud
What browser are you using?
Chrome
How are you deploying Directus?
Directus Cloud
The text was updated successfully, but these errors were encountered: