-
Notifications
You must be signed in to change notification settings - Fork 393
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Access policies are ineffective for modifying abstract types, leading to the ability to directly modify entity types by altering abstract types. #6133
Labels
Comments
I have no idea how I accidentally assigned Dave and Dijana to this issue; this one goes to me :( |
The bug is that parent access policies for updates and deletes are not properly applied to children if the children do not have any access policies of their own.
And I'm working on a fix right now, and it'll be out in 3.4 |
msullivan
added a commit
that referenced
this issue
Sep 21, 2023
Previously we would spuriously ignore the policies on those children, as the result of an incorrect mechanism being used to detect when a type has policies when compiling DML. Just check in the obvious way. Fixes #6133
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Steps to Reproduce:
I was surprised that I could successfully modify the abstract type 'User' directly, which resulted in unintentional changes to 'Customer.' However, attempting to directly modify the 'Customer' entity type was unsuccessful. This has left me puzzled.
The text was updated successfully, but these errors were encountered: