This repository has been archived by the owner on Jan 6, 2023. It is now read-only.
Public endpoints returning error 300 #854
Assignees
Labels
bug
Something isn't working
Comments
rijkvanzanten
added
the
not reproducible
|
This seems to be working as expected for me on the live demo version. If possible, could you share a dump of the database so we can reproduce your exact setup? |
|
Hey @rijkvanzanten-- I believe I've discovered what the issue is, and it might be a somewhat special or unique case. The problem seems to be that the tables were initially created with the default "status" fields Directus adds, and so when the permissions were set, the directus_permissions table had a value for the different status options: After experimenting with the tables for a while, we removed the status column from the table without thinking about it. Apparently, even when I set the public read permission after removing the status field from the table, it still didn't want to let me view the items publicly: I thought it was odd that the permissions with the statuses were still there, even though that column didn't exist anymore, so I manually removed all entries in the permissions table and added a new one with the "status" set to null And I am now able to access to data publicly: So this one may have been a special problem caused by unique circumstances and/or my own stupidity. Do with this what you will, but maybe it would be beneficial to have the app remove status-based permissions when a status column is removed? I imagine that's not a super high priority issue for you to address, however. |
|
Thanks for clearing that up @pessimisticpaperclip! |
rijkvanzanten
added
bug
binal-7span
added a commit
to binal-7span/api
that referenced
this issue
Apr 18, 2019
|
@pessimisticpaperclip The system is working as expected so this can't be actually considered as a bug. Take a scenario: You've created 2 statuses:
You have records & its permissions are based on status. To make this flow stable, I've made changes in conditions like when you delete the status field, it removes all the status related permissions and hence the items will be private. You can check that from #896 |
hemratna
added a commit
that referenced
this issue
May 1, 2019
* Return object in delete after hook instead of onli ID (#882) * Add fix for big file sizes Closes #750 * Add migrations for hash and single-file * Show correct fields in roles.users For some reason the database column for options was empty Closes https://github.com/directus/app/issues/1471 * Delete ISSUE_TEMPLATE.md * security notice * Add check for mod_php before setting php_value for upload size This will prevent errors on systems that don't allow overriding the php values from within the .htaccess files. This will only check for php 7+ though, as the mod_php directive is version specific. This is okay for now, as we officially only support PHP 7.1+ * Change field width from integer to string This will allow the app to render the fields in the correct widths starting with v7.2. * Issue fix #854 (#896) * Add migrations for setting field notes and widths Lays out the settings a bit nicer and adds setting descriptions. Fixes https://github.com/directus/app/issues/1379 * Fix sort order of fields on install * Increase specificity of migrations so it doesn't target non-settings * Move collection notes to the DB I'm aware that this makes them english only for the time being. Once we implement the using the translation column in the app, we can make them properly translatable. * Fix abstraction name * Add migrations for misc fields Sorting of files, making a couple interfaces required, etc * Bump version * Fix: Wrong MIME for extentions in uppercase (#895) * FEAT more events that invalidate the cache (#892) * Allowing string relations (#800) * emoji support for comments and bookmark names * Use JSON interface for system collections * Fixing custom primary key primary key column name (#881) Swapping this variable seems to resolve the issue. * Bump version * Issue #885 (#898) * Test cases : AUthentication - Auth, Forgot Password, Collections - Create, Delete * Issue#885 - Done * #885 Removed Test cases * Issue #886 (#899) * Test cases : AUthentication - Auth, Forgot Password, Collections - Create, Delete * Issue#885 - Done * Issue#886 - Done * #886 Reverted unwanted code * Issue #884 (#901) * Test cases : AUthentication - Auth, Forgot Password, Collections - Create, Delete * #884 Done * #884 Removed Test cases * Issue #884 - Change (#907) * Test cases : AUthentication - Auth, Forgot Password, Collections - Create, Delete * #884 Done * #884 Removed Test cases * #884 change * Fix#810 (#908) * Test cases : AUthentication - Auth, Forgot Password, Collections - Create, Delete * #810 done * #810 Reverting Test Cases * Issue Fix #902 (#909) * Issue fix #902 * Add migration for allow value nullable in settings table * Set texttype for value field * Doc issue fix #84 (#910) * Issue fix #841 (#911) * Increase expiry time of tokens from 5 to 20 minutes (#913) It should still be pretty secure. This allows the app to go easier on the refreshing, and it makes sure that you can upload large files without having the token expire halfway through. * Fix missing ref to 5 min exp * Issue Fix #863 (#916) * Issue fix #853 (#918) * Issue Fix #920 (#922) * Issue Fix #920 * Issue Fix #920 * Generate GraphQL schema file which support primary-key, text-input and numeric interfaces. * Implement graphql-php server. * GraphQL type for DirectUs files * Code cleanup. * Adding custom scalar support for Date, Datetime, JSON * Adding support for the m2o type in schema generation. * Adding support for m2o type. * Support for O2M. GraphQL type for Directus Role. Rename GraphQL types for Directus user, files. * Adding pagination support. * Code cleanup. * Adding time scalar type. * Adding meta support. * Search filter approach 1. * Search result. * Adding support for AND and OR logical filter. * Rebase with master. * Adding support for Activity, Collection Preset, Collection, Field type. Change the naming convention. Adding pascal case function in string utils. * Adding support for setting collection. * Adding support for Folder, Permission, Relation, Revision collection. * Adding README.md * Update README.md * Change naming convention to snake_case.
hemratna
added a commit
that referenced
this issue
May 7, 2019
* Return object in delete after hook instead of onli ID (#882) * Add fix for big file sizes Closes #750 * Add migrations for hash and single-file * Show correct fields in roles.users For some reason the database column for options was empty Closes https://github.com/directus/app/issues/1471 * Delete ISSUE_TEMPLATE.md * security notice * Add check for mod_php before setting php_value for upload size This will prevent errors on systems that don't allow overriding the php values from within the .htaccess files. This will only check for php 7+ though, as the mod_php directive is version specific. This is okay for now, as we officially only support PHP 7.1+ * Change field width from integer to string This will allow the app to render the fields in the correct widths starting with v7.2. * Issue fix #854 (#896) * Add migrations for setting field notes and widths Lays out the settings a bit nicer and adds setting descriptions. Fixes https://github.com/directus/app/issues/1379 * Fix sort order of fields on install * Increase specificity of migrations so it doesn't target non-settings * Move collection notes to the DB I'm aware that this makes them english only for the time being. Once we implement the using the translation column in the app, we can make them properly translatable. * Fix abstraction name * Add migrations for misc fields Sorting of files, making a couple interfaces required, etc * Bump version * Fix: Wrong MIME for extentions in uppercase (#895) * FEAT more events that invalidate the cache (#892) * Allowing string relations (#800) * emoji support for comments and bookmark names * Use JSON interface for system collections * Fixing custom primary key primary key column name (#881) Swapping this variable seems to resolve the issue. * Bump version * Issue #885 (#898) * Test cases : AUthentication - Auth, Forgot Password, Collections - Create, Delete * Issue#885 - Done * #885 Removed Test cases * Issue #886 (#899) * Test cases : AUthentication - Auth, Forgot Password, Collections - Create, Delete * Issue#885 - Done * Issue#886 - Done * #886 Reverted unwanted code * Issue #884 (#901) * Test cases : AUthentication - Auth, Forgot Password, Collections - Create, Delete * #884 Done * #884 Removed Test cases * Issue #884 - Change (#907) * Test cases : AUthentication - Auth, Forgot Password, Collections - Create, Delete * #884 Done * #884 Removed Test cases * #884 change * Fix#810 (#908) * Test cases : AUthentication - Auth, Forgot Password, Collections - Create, Delete * #810 done * #810 Reverting Test Cases * Issue Fix #902 (#909) * Issue fix #902 * Add migration for allow value nullable in settings table * Set texttype for value field * Doc issue fix #84 (#910) * Issue fix #841 (#911) * Increase expiry time of tokens from 5 to 20 minutes (#913) It should still be pretty secure. This allows the app to go easier on the refreshing, and it makes sure that you can upload large files without having the token expire halfway through. * Fix missing ref to 5 min exp * Issue Fix #863 (#916) * Issue fix #853 (#918) * Issue Fix #920 (#922) * Issue Fix #920 * Issue Fix #920 * Issue fix #879 (#924) * [thumbnailer] Support for files in subdirectories (#856) Many websites store images in a complex directory structure. This PR makes it possible to use thumbnailer in such cases. For instance : `/thumbnail/_/100/100/crop/good/complex/path/to/some-image.jpg * defaults cors.max-age to 600 (#921) * Bump version * Generate GraphQL schema file which support primary-key, text-input and numeric interfaces. * Implement graphql-php server. * GraphQL type for DirectUs files * Code cleanup. * Adding custom scalar support for Date, Datetime, JSON * Adding support for the m2o type in schema generation. * Adding support for m2o type. * Support for O2M. GraphQL type for Directus Role. Rename GraphQL types for Directus user, files. * Adding pagination support. * Code cleanup. * Adding time scalar type. * Adding meta support. * Search filter approach 1. * Search result. * Adding support for AND and OR logical filter. * Rebase with master. * Adding support for Activity, Collection Preset, Collection, Field type. Change the naming convention. Adding pascal case function in string utils. * Adding support for setting collection. * Adding support for Folder, Permission, Relation, Revision collection. * Adding README.md * Update README.md * Change naming convention to snake_case. * Change in naming convention. Merge list and single query into list query by adding additional arg `id`.
Lapsus
pushed a commit
to Lapsus/api
that referenced
this issue
May 8, 2019
binal-7span
pushed a commit
that referenced
this issue
Jun 17, 2019
* pgsql 10 initial support * email_notification column must be set as a boolean * Handle unique column collisions * BUG delta in revisions can be null * BUG transformed the remaining lastInsertValue into getLastGeneratedId() * Pass new item flag to o2m new items Closes https://github.com/directus/app/issues/1418 * Don't show popover for 0 items / no template Closes https://github.com/directus/app/issues/1397 * Bug fix (#848) * Merge conflict resolve * Handle item not found exception in collection detail API * Extended the list of safe tags (#849) As described in issue #832 * Issue fix #819 (#851) * Mark adding new item as new in m2m * Bump version * Revert composer changes * Issue fix #843 (#852) * BUG searches with LIKE on non-textual columns * Remove the extensions from the API * Issue fix #847 (#857) * Issue fix #833 (#859) * Initial commit for documentation (#844) * Revert "Initial commit for documentation (#844)" (#868) This reverts commit 6e85d59. * BUG Bypass Zend-db choice not to allow nullable boolean fields * BUG field length were not taken into account * CHORE dupliacted line * BUG o2m working + post-alter table event dispatching * Return object in delete after hook instead of onli ID (#882) * Add fix for big file sizes Closes #750 * Add migrations for hash and single-file * Show correct fields in roles.users For some reason the database column for options was empty Closes https://github.com/directus/app/issues/1471 * Delete ISSUE_TEMPLATE.md * security notice * Add check for mod_php before setting php_value for upload size This will prevent errors on systems that don't allow overriding the php values from within the .htaccess files. This will only check for php 7+ though, as the mod_php directive is version specific. This is okay for now, as we officially only support PHP 7.1+ * Change field width from integer to string This will allow the app to render the fields in the correct widths starting with v7.2. * Issue fix #854 (#896) * Add migrations for setting field notes and widths Lays out the settings a bit nicer and adds setting descriptions. Fixes https://github.com/directus/app/issues/1379 * Fix sort order of fields on install * Increase specificity of migrations so it doesn't target non-settings * Move collection notes to the DB I'm aware that this makes them english only for the time being. Once we implement the using the translation column in the app, we can make them properly translatable. * Fix abstraction name * Add migrations for misc fields Sorting of files, making a couple interfaces required, etc * Bump version * Fix: Wrong MIME for extentions in uppercase (#895) * FEAT more events that invalidate the cache (#892) * Allowing string relations (#800) * emoji support for comments and bookmark names * Use JSON interface for system collections * Fixing custom primary key primary key column name (#881) Swapping this variable seems to resolve the issue. * Bump version * Issue #885 (#898) * Test cases : AUthentication - Auth, Forgot Password, Collections - Create, Delete * Issue#885 - Done * #885 Removed Test cases * Issue #886 (#899) * Test cases : AUthentication - Auth, Forgot Password, Collections - Create, Delete * Issue#885 - Done * Issue#886 - Done * #886 Reverted unwanted code * Issue #884 (#901) * Test cases : AUthentication - Auth, Forgot Password, Collections - Create, Delete * #884 Done * #884 Removed Test cases * Issue #884 - Change (#907) * Test cases : AUthentication - Auth, Forgot Password, Collections - Create, Delete * #884 Done * #884 Removed Test cases * #884 change * Fix#810 (#908) * Test cases : AUthentication - Auth, Forgot Password, Collections - Create, Delete * #810 done * #810 Reverting Test Cases * Issue Fix #902 (#909) * Issue fix #902 * Add migration for allow value nullable in settings table * Set texttype for value field * Doc issue fix #84 (#910) * Issue fix #841 (#911) * Increase expiry time of tokens from 5 to 20 minutes (#913) It should still be pretty secure. This allows the app to go easier on the refreshing, and it makes sure that you can upload large files without having the token expire halfway through. * Fix missing ref to 5 min exp * Issue Fix #863 (#916) * Issue fix #853 (#918) * Issue Fix #920 (#922) * Issue Fix #920 * Issue Fix #920 * Issue fix #879 (#924) * [thumbnailer] Support for files in subdirectories (#856) Many websites store images in a complex directory structure. This PR makes it possible to use thumbnailer in such cases. For instance : `/thumbnail/_/100/100/crop/good/complex/path/to/some-image.jpg * defaults cors.max-age to 600 (#921) * Bump version * Fix 943 (#947) * Test cases : AUthentication - Auth, Forgot Password, Collections - Create, Delete * #943 * Fix 717 (#944) * Test cases : AUthentication - Auth, Forgot Password, Collections - Create, Delete * #717 * Fix 576 (#926) * Test cases : AUthentication - Auth, Forgot Password, Collections - Create, Delete * #576 - In progress * #576 O2M and M20 nested filters * #576 Fix O2M and M2O nested filters * get proper string length (#933) Not tested... I only based this PR on: Ref: 0fce6a4#commitcomment-33408113 * fixed settings logo (#940) * added collection/table to InvalidFieldException (#956) * Fix 931 (#936) * Test cases : AUthentication - Auth, Forgot Password, Collections - Create, Delete * #931 * #931 * Issue fix #917 (#960) * reuse item service instead of using a new instance (#959) * Issue fix 762 (#961) * Plain text mail issu resolve (#966) * Bump version
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Bug Report
When an endpoint is set to be publicly readable, the API still returns error 300 when trying to read it. See screenshots below for demonstration.
Steps to Reproduce
Expected Behavior
Items in the collection should be returned
Actual Behavior
Error 300
Other Context & Screenshots
All collections are set to be publicly readable
When attempting to access the items via the API, access is denied.
Technical Details
The text was updated successfully, but these errors were encountered: