You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This getIds query don't apply the collection access control and will return ids regardless from permission.
For example, have 2 collections, one with no user permissions, one with a user view permission.
I want to get a paginated list of ten medias available, the getIds query will return ten media ids of the 'no permission' collection, and will be used as filter by the findMedia query.
FindMedia query will apply a access control condition, and there will be no result because user has no rights to see these ten medias.
Expected Behavior
The FindMedia method should return only available media for the user.
Steps to Reproduce
Create 2 collections, one with no permission, one with a view permission, add 10 medias on each.
Excecute the get method of the mediamanager with a ten media limit, There will be no results.
Possible Solutions
Add the access control condition as optional to the getIds method
The text was updated successfully, but these errors were encountered:
Actual Behavior
When using the findeMedia method of the media repository, there an automatic filter on ids.
It will query media ids and use them to filter the main query, if ids is not set or null.
https://github.com/sulu/sulu/blob/develop/src/Sulu/Bundle/MediaBundle/Entity/MediaRepository.php#L151
This getIds query don't apply the collection access control and will return ids regardless from permission.
For example, have 2 collections, one with no user permissions, one with a user view permission.
I want to get a paginated list of ten medias available, the getIds query will return ten media ids of the 'no permission' collection, and will be used as filter by the findMedia query.
FindMedia query will apply a access control condition, and there will be no result because user has no rights to see these ten medias.
Expected Behavior
The FindMedia method should return only available media for the user.
Steps to Reproduce
Create 2 collections, one with no permission, one with a view permission, add 10 medias on each.
Excecute the get method of the mediamanager with a ten media limit, There will be no results.
Possible Solutions
Add the access control condition as optional to the getIds method
The text was updated successfully, but these errors were encountered: