This repository has been archived by the owner on Mar 28, 2019. It is now read-only.

Permissions are not validated on PATCH #375

Closed
leplatrem opened this issue Jul 10, 2015 · 0 comments
Closed


This is a side effect of #358.

With PUT:

echo '{"permissions": {"read": "me"}}' | http PUT "http://0.0.0.0:8888/v1/buckets/default/collections/articles/records/ff7db2ad-cc85-4715-b563-1579d4c27c3b" --auth=user:pass
HTTP/1.1 400 Bad Request
Access-Control-Expose-Headers: Backoff, Retry-After, Alert
Content-Length: 244
Content-Type: application/json; charset=UTF-8
Date: Fri, 10 Jul 2015 10:55:29 GMT
Server: waitress

{
    "code": 400, 
    "details": [
        {
            "description": "data is missing", 
            "location": "body", 
            "name": "data"
        }, 
        {
            "description": "\"me\" is not iterable", 
            "location": "body", 
            "name": "permissions.read"
        }
    ], 
    "errno": 107, 
    "error": "Invalid parameters", 
    "message": "data is missing"
}

With PATCH:

echo '{"permissions": {"read": "me"}}' | http PATCH "http://0.0.0.0:8888/v1/buckets/default/collections/articles/records/ff7db2ad-cc85-4715-b563-1579d4c27c3b" --auth=user:pass 
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Backoff, Retry-After, Alert
Content-Length: 219
Content-Type: application/json; charset=UTF-8
Date: Fri, 10 Jul 2015 10:56:01 GMT
Etag: "1436525081662"
Last-Modified: Fri, 10 Jul 2015 10:44:41 GMT
Server: waitress

{
    "data": {
        "id": "ff7db2ad-cc85-4715-b563-1579d4c27c3b", 
        "last_modified": 1436525081662, 
        "title": "toto"
    }, 
    "permissions": {
        "read": [
            "e", 
            "m"
        ], 
        "write": [
            "basicauth:631c2d625ee5726172cf67c6750de10a3e1a04bcd603bc9ad6d6b196fa8257a6"
        ]
    }
}

Or:

echo '{"permissions": 32}' | http PATCH "http://0.0.0.0:8888/v1/buckets/default/collections/articles/records/ff7db2ad-cc85-4715-b563-1579d4c27c3b" --auth=user:pass
HTTP/1.1 500 Internal Server Error
Content-Length: 196
Content-Type: application/json; charset=UTF-8
Date: Fri, 10 Jul 2015 10:56:35 GMT
Server: waitress

{
    "code": 500, 
    "errno": 999, 
    "error": "Internal Server Error", 
    "info": "https://github.com/mozilla-services/cliquet/issues/", 
    "message": "A programmatic error occured, developers have been informed."
}

Once #374 is fixed, the protected resource should validate the PATCH payload against the resource mapping.
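The two failure modes in the report (a bare string being iterated into single-character principals, and a non-mapping value crashing the server with a 500) are what validating the PATCH payload against the resource mapping prevents. The following is an added illustration, not cliquet's own code: it reproduces the unvalidated merge alongside a validator that returns errors in the same location/name/description shape as the 400 response shown above. The permission names (`read`, `write`), the helper names and the merge rule (a PATCH replaces only the permissions it lists) are assumptions made for the example.

```python
"""Validate the ``permissions`` part of a record PATCH body.

Hypothetical example (not cliquet's code). It contrasts the unvalidated
merge described in the issue with a validator that rejects malformed
permission values before they are stored.
"""
from typing import Any, Dict, List, Tuple

# Permission names a record resource accepts; assumed for this example.
ALLOWED_PERMISSIONS = ("read", "write")


def naive_merge(existing: Dict[str, List[str]], patch: Any) -> Dict[str, List[str]]:
    """Reproduce the behaviour reported for PATCH without validation.

    Each value is handed straight to ``set()``, so the string "me" is
    iterated character by character and becomes ["e", "m"], and a
    non-mapping such as 32 raises (the 500 in the report).
    """
    merged = {name: set(principals) for name, principals in existing.items()}
    for name, principals in patch.items():  # AttributeError when patch is 32
        merged[name] = set(principals)      # "me" -> {"e", "m"}
    return {name: sorted(principals) for name, principals in merged.items()}


def validate_permissions(body: Any) -> List[Dict[str, str]]:
    """Return errors shaped like cliquet's 400 ``details`` entries.

    An empty list means the ``permissions`` member (if present) is a
    mapping of known permission names to lists of principal strings.
    """
    if not isinstance(body, dict):
        return [{"location": "body", "name": "",
                 "description": "body must be a JSON object"}]
    perms = body.get("permissions")
    if perms is None:
        return []  # permissions are optional on PATCH
    if not isinstance(perms, dict):
        return [{"location": "body", "name": "permissions",
                 "description": "%r is not a mapping" % (perms,)}]
    errors = []
    for name, principals in perms.items():
        if name not in ALLOWED_PERMISSIONS:
            errors.append({"location": "body", "name": "permissions.%s" % name,
                           "description": "unknown permission"})
            continue
        # A principal list must be a JSON array of strings; a bare string
        # is the exact case that produced ["e", "m"] in the report.
        if not isinstance(principals, list) or not all(
                isinstance(p, str) for p in principals):
            errors.append({"location": "body", "name": "permissions.%s" % name,
                           "description": "%r is not a list of principals" % (principals,)})
    return errors


def patch_record(existing: Dict[str, List[str]], body: Any) -> Tuple[int, Dict[str, Any]]:
    """Apply a PATCH body to stored permissions after validating it.

    Returns an (HTTP status, response payload) pair: 400 with the error
    details when validation fails, otherwise 200 with the merged
    permissions (listed permissions replaced, others kept; assumed rule).
    """
    errors = validate_permissions(body)
    if errors:
        return 400, {"code": 400, "error": "Invalid parameters",
                     "message": errors[0]["description"], "details": errors}
    merged = {name: sorted(set(principals)) for name, principals in existing.items()}
    for name, principals in (body.get("permissions") or {}).items():
        merged[name] = sorted(set(principals))
    return 200, {"permissions": merged}


if __name__ == "__main__":
    # Constructed sample: the stored permissions of a record owned by one
    # principal, then the two PATCH bodies from the report.
    stored = {"write": ["basicauth:EXAMPLE-PRINCIPAL"]}
    print(naive_merge(stored, {"read": "me"}))                  # read becomes ['e', 'm']
    print(patch_record(stored, {"permissions": {"read": "me"}}))  # 400 instead
    print(patch_record(stored, {"permissions": 32}))              # 400 instead of 500
    print(patch_record(stored, {"permissions": {"read": ["me"]}}))  # 200
```

`validate_permissions` is the piece the issue asks for: run it on the PATCH body before touching storage, and the "me" and 32 payloads become ordinary 400 responses rather than silently corrupted permissions or a server error.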

@leplatrem leplatrem added the bug label Jul 10, 2015
@Natim Natim added this to the 2.2.2 milestone Jul 13, 2015
@leplatrem leplatrem modified the milestone: 2.2.2 Jul 13, 2015
@leplatrem leplatrem self-assigned this Jul 17, 2015
@Natim Natim closed this as completed in e2755a1 Jul 17, 2015
@Natim Natim removed the to review label Jul 17, 2015
glasserc pushed a commit that referenced this issue May 20, 2016
Slightly lighter Docker container image