version=published and version=1.0 return different results for user with readPublish permissions #71

Closed
1 task done
aschauerhuber opened this issue Jun 18, 2017 · 2 comments
Labels
bug f/versioning Content Versioning

Comments

@aschauerhuber
Contributor

aschauerhuber commented Jun 18, 2017

Gentics Mesh Version, operating system, or hardware.

  • v0.9.14

Problem

Different results for user with readPublish permissions querying a node with version=published and version=1.0 (latest published version).

Reproducer

1. create version 1.1 for node fc3c85be82584ae2bc85be82588ae2b0 (Ford GT)
2. tested with user 'anonymous'
3. set permissions to:

  "permissions" : {
    "create" : false,
    "read" : false,
    "update" : false,
    "delete" : false,
    "publish" : false,
    "readPublished" : true
  }

http://localhost:8080/api/v1/demo/nodes/fc3c85be82584ae2bc85be82588ae2b0 => "Missing permissions on object" => OK
http://localhost:8080/api/v1/demo/nodes/fc3c85be82584ae2bc85be82588ae2b0?version=draft => "Missing permissions on object" => OK
http://localhost:8080/api/v1/demo/nodes/fc3c85be82584ae2bc85be82588ae2b0?version=1.1 => "Missing permissions on object" => OK
http://localhost:8080/api/v1/demo/nodes/fc3c85be82584ae2bc85be82588ae2b0?version=published => node is returned => OK
http://localhost:8080/api/v1/demo/nodes/fc3c85be82584ae2bc85be82588ae2b0?version=1.0 => "Missing permissions on object" => NOK

Likewise, having read permissions on node fd58237c79d64bf198237c79d6bbf107 (Trabant) results in different responses for version=published and version=1.0:
(no need to change permissions or create version 1.1)

http://localhost:8080/api/v1/demo/nodes/fd58237c79d64bf198237c79d6bbf107 => node is returned => OK
http://localhost:8080/api/v1/demo/nodes/fd58237c79d64bf198237c79d6bbf107?version=1.0 => node is returned => OK
http://localhost:8080/api/v1/demo/nodes/fd58237c79d64bf198237c79d6bbf107?version=draft => node is returned => OK
http://localhost:8080/api/v1/demo/nodes/fd58237c79d64bf198237c79d6bbf107?version=published => "Missing permissions on object" => NOK

Expected behaviour and actual behaviour

Behaviour for version=published and version=1.0 should be the same.

@Jotschi Jotschi added the bug label Jun 18, 2017
@Jotschi
Contributor

Jotschi commented Jun 18, 2017

Publishing a draft will automatically raise the draft version to the publish version. It is thus no longer possible to distinguish between 1.0 being the draft or publish version. Mesh currently assumes this version is a draft. The selected permission is currently not chosen by the actual type of container. Instead it is chosen by the query parameter value (version=published -> READ_PUBLISH_PERM); all other values fall back to the READ_PERM permission. (NodeCrudHandler:439)

In order to fix this we would need to load the desired version and figure out what versions could be applied.


Desired behaviour:

  • Loading a node version using the version parameter should always return the node within the draft scope.
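
The permission selection described in the comment above, as an added example (not part of the thread and not Gentics Mesh code): a simplified Python model that reproduces the reporter's results and compares them with one possible selection that resolves the requested version first. The names `Node`, `resolve`, `by_parameter` and `by_container`, the node state, and the `by_container` rule are assumptions for illustration, not the fix tracked in #1104.

```python
# Simplified model of the permission selection discussed in this issue.
# All names are hypothetical; this is not Gentics Mesh code.
from dataclasses import dataclass

READ, READ_PUBLISHED = "read", "readPublished"
DENIED = "Missing permissions on object"


@dataclass(frozen=True)
class Node:
    draft: str       # version number of the current draft container
    published: str   # version number of the current published container


def resolve(node, version):
    """Map the ?version= value to a concrete version number (default: draft)."""
    if version in (None, "draft"):
        return node.draft
    if version == "published":
        return node.published
    return version


def by_parameter(node, perms, version=None):
    """Behaviour described in the thread: the permission is picked from the
    parameter text, so only the literal 'published' selects readPublished."""
    needed = READ_PUBLISHED if version == "published" else READ
    return resolve(node, version) if needed in perms else DENIED


def by_container(node, perms, version=None):
    """Alternative (assumption): resolve the version first, then accept any
    permission that covers a role the resolved container actually has."""
    number = resolve(node, version)
    accepted = {READ}  # in this model, read covers every version
    if number == node.published:
        accepted.add(READ_PUBLISHED)
    return number if accepted & set(perms) else DENIED


# Constructed state mirroring the reproducer.
FORD_GT = Node(draft="1.1", published="1.0")   # tested with readPublished only
TRABANT = Node(draft="1.0", published="1.0")   # tested with read only

if __name__ == "__main__":
    for check in (by_parameter, by_container):
        for v in ("published", "1.0"):
            print(check.__name__, v, check(FORD_GT, {READ_PUBLISHED}, v),
                  check(TRABANT, {READ}, v))
```

With `by_parameter`, `version=published` and `version=1.0` disagree on both nodes exactly as in the reproducer; with `by_container` they agree, while the Ford GT draft (1.1) stays denied for a user holding only readPublished.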

@Jotschi
Contributor

Jotschi commented Aug 5, 2020

I finally figured out what the issue is. I have described the technical issue in #1104.
Fixing the problem would however cause a breaking change. I'll continue to track the issue in #1104.

@Jotschi Jotschi closed this as completed Aug 5, 2020