Content-Permissions API parameter combination behavior #4323
Comments
|
Good spot, and thank you very much for raising @toras9000. Can confirm. Will assign to be fixed, with testing updated to cover, for next feature release. |
ssddanbrown
added a commit
that referenced
this issue
Jun 20, 2023
Fixes issue where providing owner_id alongside certain fallback_permissions would cause the owner change not to take affect, due to bad variable shadowing. For #4323
|
This is now addressed in 41c3ed1, and will be part of the next feature release. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the Bug
In the UPDATE endpoint of the Content-Permissions API, the owner ID may not be updated depending on the combination of other parameters.
Specifically, if both
owner_idandfallback_permissionsare specified, the owner will not be updated.If only
owner_idis specified, or ifowner_idandrole_permissionsare specified, the update will be done as specified.Steps to Reproduce
The following request parameters will not update the owner
-
{"owner_id":10,"fallback_permissions":{"inheriting":false,"view":true,"create":false,"update":false,"delete":false}}Expected Behaviour
I opened this as a bug issue, but I am not sure if this was intended.
Perhaps the owner should be changed, regardless of the combination of parameters.
Screenshots or Additional Context
I think the reason is that in
updateFromApiRequestData()inPermissionsUpdater.php, the$datavariable is replaced in the middle.Browser Details
No response
Exact BookStack Version
v23.05.02
PHP Version
No response
Hosting Environment
Docker image, lscr.io/linuxserver/bookstack:version-v23.05.2
The text was updated successfully, but these errors were encountered: