From 6480f33aa1e4d896c318e2b18e48bf2487824fc5 Mon Sep 17 00:00:00 2001 From: Welling Guzman Date: Tue, 17 Jul 2018 16:21:26 -0400 Subject: [PATCH] throw item not found on no read permission on single id --- src/core/Directus/Services/ItemsService.php | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/core/Directus/Services/ItemsService.php b/src/core/Directus/Services/ItemsService.php index 148eb2c8f0..69d1ee9ae5 100644 --- a/src/core/Directus/Services/ItemsService.php +++ b/src/core/Directus/Services/ItemsService.php @@ -6,6 +6,8 @@ use Directus\Database\RowGateway\BaseRowGateway; use Directus\Database\Schema\SchemaManager; use Directus\Exception\ForbiddenException; +use Directus\Permissions\Exception\ForbiddenCollectionReadException; +use Directus\Util\StringUtils; use Directus\Validator\Exception\InvalidRequestException; use Zend\Db\TableGateway\TableGateway; @@ -74,13 +76,27 @@ public function find($collection, $id, array $params = []) * @param array $params * * @return array + * + * @throws ItemNotFoundException + * @throws ForbiddenCollectionReadException */ public function findByIds($collection, $ids, array $params = []) { $statusValue = $this->getStatusValue($collection, $ids); $tableGateway = $this->createTableGateway($collection); + if (is_string($ids) && StringUtils::has($ids, ',')) { + $ids = StringUtils::csv((string)$ids, false); + } - $this->getAcl()->enforceRead($collection, $statusValue); + try { + $this->getAcl()->enforceRead($collection, $statusValue); + } catch (ForbiddenCollectionReadException $e) { + if (is_array($ids) && count($ids) > 1) { + throw new $e; + } else { + throw new ItemNotFoundException(); + } + } return $this->getItemsByIdsAndSetResponseCacheTags($tableGateway, $ids, array_merge($params, [ 'status' => null