Brandon Shelley created USERGRID-1020:
-----------------------------------------
Summary: Permissions, when applied directly to a user, do not
appear to work
Key: USERGRID-1020
URL: https://issues.apache.org/jira/browse/USERGRID-1020
Project: Usergrid
Issue Type: Bug
Components: Stack
Affects Versions: 1.0, 2.0.0
Reporter: Brandon Shelley
Using the UI, assign permissions to a user object with the following:
{code}*Username Permissions GET PUT POST DELETE*
username: /collection/** no no no no{code}
If you then use the user's token to make an API call to /collection, for
example:
{code}GET /collection{code}
It returns entities.
Expected results:
No entities should be visible, and a permission denied error (401) should be
returned in the API response.
Tested this same behavior when applying permissions to a group, and adding the
user to the group instead, and this works as expected.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
