You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
PermissionService.grant({role:'registered', model:'sth', action:'read', relation:'role'}), then 'get /sth/' and 'get /sth/:id' can both be accessed by all registered users despite of ownership. PermissionService.revoke({role:'registered', model:'sth', action:'read', relation:'role'}), then 'get /sth/' and 'get /sth/:id' would both be forbidden for all registered users despite of ownership.
And permission {role:'registered', model:'sth', action:'read', relation:'owner'} seems to have no effect.
I just don't know if it is a designed feature or a bug.
The text was updated successfully, but these errors were encountered:
This package still active?
By my test,
Then, 'put /sth/:id' can only be accessed by the user who owns the 'sth/:id', it works.
However, I need similar access control for 'get /sth/:id', I want only the owner can access 'get sth/:id'. I tried the following operations:
But it does not work.
PermissionService.grant({role:'registered', model:'sth', action:'read', relation:'role'}), then 'get /sth/' and 'get /sth/:id' can both be accessed by all registered users despite of ownership.PermissionService.revoke({role:'registered', model:'sth', action:'read', relation:'role'}), then 'get /sth/' and 'get /sth/:id' would both be forbidden for all registered users despite of ownership.And permission {role:'registered', model:'sth', action:'read', relation:'owner'} seems to have no effect.
I just don't know if it is a designed feature or a bug.
The text was updated successfully, but these errors were encountered: