Join GitHub today
Form metadata API doesn't return library forms unless user is admin #3919
This API was done initially for the Home page, and the logic is that if you are a regular user, that is not an admin user, we need to filter out certain forms, including:
If the user is "admin", that is the user has all permissions for all forms or explicitly all permissions for the given form, then the forms are returned without any filtering at all.
Now, when we use Form Builder in the context of publishing a form definition or listing the existing library forms in the toolbox (#3885), we call the API explicitly for a
If in this case we haven't configured
For backward compatibility, the assumption, when using Form Builder without explicit
This raises a few questions:
The simplest solution is to pass a new URL parameter,
I don't think that this is a security issue. The filtering is done by the API for the convenience of the Home page, essentially. The API itself is not open by default.