ContentNotFoundException inapproporate with missing MinimumRoles setting

Found in

EPiServer.ContentDeliveryApi 1.0.1

Fixed in

EPiServer.ContentDeliveryApi 2.1.0

Created

Jun 25, 2018

Updated

Oct 30, 2018

State

Closed, Fixed and tested


Description

Steps to reproduce

1. Customize settings to set RequiredRole setting to "ApiGroup" and do not set MinimumRoles setting in code -> Authorization header is not required in this case.

     var options = new ContentApiOptions
            {
                MultiSiteFilteringEnabled = false,
                RequiredRole = "ApiGroup"
            };

2. Create the user group "ApiGroup" having no rights for all content.
3. Send a GET request without an Authorization header for getting content data:

{{EPCMSHost}}/api/episerver/v1.0/content/5

Expected:
Returns error code 403 Forbidden with an informative error message.

Actual:
Returns error code 404 "Content was not found" even though the published content #5 exists on the site. The exception in log file as below is not related to the root cause that is a matching group and minimum access rights for MinimumRoles setting.

ERROR EPiServer.ContentApi.Controllers.ContentApiController: Content was not found
EPiServer.Core.ContentNotFoundException: Content was not found
   at EPiServer.ContentApi.Controllers.ContentApiController.ResultFromContent(IContent content, String expand)
   at EPiServer.ContentApi.Controllers.ContentApiController.Get(String contentReference, List`1 languages, String expand)