You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the case where a user has the right to read other users but is only allowed to update his own profile, the fields of the other users' profiles should be read-only.
Reproduce
The administrator gives the right to a regular user to see all users
and the right to update his own profile only {"_and":[{"id":{"_eq":"$CURRENT_USER"}}]}
Give the right to modify at least the Last Name
Log in as the regular user. Click on another profile than his.
Errors displayed
The Last Name is not read-only. The regular user can edit the profile of others.
It is only on saving that he gets the unauthorized error message.
The user should not be allowed to edit the Last Name of others at all.
What version of Directus are you using?
9.21.0
What version of Node.js are you using?
16.14.0
What database are you using?
PostgreSQL 15
What browser are you using?
Edge and Firefox
How do you deploy Directus?
locally and on VPS
The text was updated successfully, but these errors were encountered:
From a UIX perspective, when the user starts editing the field and gets on save an error message makes it appear as a bug.
At first, he shouldn't have been able to edit.
Describe the bug
In the case where a user has the right to read other users but is only allowed to update his own profile, the fields of the other users' profiles should be read-only.
Reproduce
The administrator gives the right to a regular user to see all users
and the right to update his own profile only
{"_and":[{"id":{"_eq":"$CURRENT_USER"}}]}
Give the right to modify at least the
Last Name
Log in as the regular user. Click on another profile than his.
Errors displayed
Last Name
is not read-only. The regular user can edit the profile of others.The user should not be allowed to edit the
Last Name
of others at all.What version of Directus are you using?
9.21.0
What version of Node.js are you using?
16.14.0
What database are you using?
PostgreSQL 15
What browser are you using?
Edge and Firefox
How do you deploy Directus?
locally and on VPS
The text was updated successfully, but these errors were encountered: