You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This works fine for normal scenarios of editing/updating/creating roles or permissions or users. But this causes us issues when we are just trying to associate Permissions (connect/disconnect) to a Role OR connecting/disconnecting roles from users.
The issue here is that UPDATE is rejected with error of ACCESS_POLICY_VIOLATION for e.g. while trying to assign a role to a user with
The problem is being caused by post-update check on modifiedById on both sides of the relationship.
Describe the solution you'd like
Stop the post update checks when the modification is just connecting/disconnecting and not actual update of the model
Describe alternatives you've considered
...
Additional context
...
The text was updated successfully, but these errors were encountered:
Milan-Bhl
changed the title
[Feature Request] Stop certain access control rules not to be applied on many-to-many relationship
[Feature Request] Stop certain access control rules not to be applied while connecting/disconnecting relationship
May 28, 2024
Basically, for relation connect/disconnect, the side that gets the foreign key field update is required to be "updatable". However, implicit many-to-many is a special case because there's an implied "join table" that connects both sides. Currently, ZenStack is conservative and requires both sides to be updatable.
There was a suggestion for utilizing the field-level policies to fine-tune this behavior: #856
Is your feature request related to a problem? Please describe.
I have zmodels structured like this:
This works fine for normal scenarios of editing/updating/creating roles or permissions or users. But this causes us issues when we are just trying to associate Permissions (connect/disconnect) to a Role OR connecting/disconnecting roles from users.
The issue here is that UPDATE is rejected with error of ACCESS_POLICY_VIOLATION for e.g. while trying to assign a role to a user with
will fail with error
The problem is being caused by post-update check on modifiedById on both sides of the relationship.
Describe the solution you'd like
Stop the post update checks when the modification is just connecting/disconnecting and not actual update of the model
Describe alternatives you've considered
...
Additional context
...
The text was updated successfully, but these errors were encountered: