EPiServer.ContentDeliveryApi 1.0.1
EPiServer.ContentDeliveryApi 2.1.0
Jun 25, 2018
Oct 30, 2018
Closed, Fixed and tested
Steps to reproduce
1. Customize the settings so that RequiredRole is set to "ApiGroup" and MinimumRoles is not set in code. An Authorization header is not required in this case.
var options = new ContentApiOptions { MultiSiteFilteringEnabled = false, RequiredRole = "ApiGroup" };
2. Create the user group "ApiGroup" with no access rights to any content.
3. Send a GET request without an Authorization header to get content data:
{{EPCMSHost}}/api/episerver/v1.0/content/5
Expected:
Returns error code 403 Forbidden with an informative error message.
Actual:
Returns error code 404 "Content was not found" even though the published content #5 exists on the site. The exception in the log file (below) does not reflect the root cause, which is the matching group and the minimum access rights for the MinimumRoles setting.
ERROR EPiServer.ContentApi.Controllers.ContentApiController: Content was not found
EPiServer.Core.ContentNotFoundException: Content was not found
   at EPiServer.ContentApi.Controllers.ContentApiController.ResultFromContent(IContent content, String expand)
   at EPiServer.ContentApi.Controllers.ContentApiController.Get(String contentReference, List`1 languages, String expand)
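
A regression check for the expected result above, added here as an example and not taken from the EPiServer code base: it sends the GET from step 3 without an Authorization header and classifies the status code. The local stub server, the function names and the result strings are assumptions made for the example.

```python
import http.server
import threading
import urllib.error
import urllib.request

CONTENT_PATH = "/api/episerver/v1.0/content/5"  # request path from step 3

def make_stub(status):
    """Constructed stand-in for the site: answers CONTENT_PATH with `status`."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(status if self.path == CONTENT_PATH else 404)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):  # keep the run quiet
            pass
    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def anonymous_status(base_url, path=CONTENT_PATH):
    """GET `path` with no Authorization header and return the HTTP status."""
    # Empty ProxyHandler: ignore proxy environment variables for this check.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(urllib.request.Request(base_url + path), timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def check(base_url):
    """Compare the status with the report's Expected and Actual results."""
    status = anonymous_status(base_url)
    if status == 403:
        return "fixed: 403 Forbidden"
    if status == 404:
        return "regression: 404 for existing content"
    return "unexpected: %d" % status

def run_against_stub(status):
    """Run the check against the constructed stub instead of a real site."""
    server = make_stub(status)
    try:
        return check("http://127.0.0.1:%d" % server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()
```

Against a test site configured as in steps 1 and 2, call `check` with that site's base URL in place of the stub.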