EPiServer.ContentDeliveryApi 1.0.1
EPiServer.ContentDeliveryApi 2.1.0
Jul 11, 2018
Oct 30, 2018
Closed, Fixed and tested
Steps to reproduce
Precondition: Keep the default settings in the ConfigurationService class, in which the RequiredRole and MinimumRoles settings are set to VirtualContentApiRole ("contentapiread").
1. Create a new group named WebAdmins or WebEditors or "contentapiread".
2. Create a new user in the group.
3. Do not add virtual role mapping to the group.
4. Set access rights for a page (e.g.: Start): Read right for the "Everyone" virtual role, but no rights for the created user and group.
5. Create an access token for the user.
6. Send a request to get content:
{{EPCMSHost}}/api/episerver/v1.0/content/5
Expected:
Returns error code 403 Forbidden, because RequiredRole is limited to "contentapiread" and does not include other roles.
Actual:
Returns code 200 with content data.
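
The expected and actual results above, modelled as an added example (not Episerver code and not part of the original report): RequiredRole is treated as an API-level gate that is evaluated before the content ACL. The function names, the mapping structure and the sample data are assumptions, including the assumption that the virtual role is granted only through an explicit group mapping.

```python
# Added illustration: a toy model, not EPiServer.ContentDeliveryApi code.
REQUIRED_ROLE = "contentapiread"  # default RequiredRole from the report
EVERYONE = "Everyone"             # virtual role that every caller holds


def virtual_roles(groups, role_mappings):
    """Virtual roles granted through explicit group mappings (assumption)."""
    return {vr for vr, mapped in role_mappings.items() if set(groups) & set(mapped)}


def acl_allows_read(groups, role_mappings, read_acl):
    """Content-level check: an ACL entry with Read matches the caller."""
    roles = set(groups) | {EVERYONE} | virtual_roles(groups, role_mappings)
    return bool(set(read_acl) & roles)


def status_acl_only(groups, role_mappings, read_acl):
    """Reproduces the reported result: only the content ACL decides."""
    return 200 if acl_allows_read(groups, role_mappings, read_acl) else 403


def status_role_gated(groups, role_mappings, read_acl):
    """Expected result: the RequiredRole gate is checked before the ACL."""
    if REQUIRED_ROLE not in virtual_roles(groups, role_mappings):
        return 403  # caller may not use the API, whatever the ACL says
    return 200 if acl_allows_read(groups, role_mappings, read_acl) else 403


# Constructed sample data following the reproduction steps.
USER_GROUPS = ["WebEditors"]              # steps 1-2
NO_MAPPING = {}                           # step 3: no virtual role mapping
START_PAGE_ACL = ["Everyone"]             # step 4: Read for Everyone only
MAPPED = {REQUIRED_ROLE: ["WebEditors"]}  # the mapping that step 3 leaves out

if __name__ == "__main__":
    print("actual:  ", status_acl_only(USER_GROUPS, NO_MAPPING, START_PAGE_ACL))
    print("expected:", status_role_gated(USER_GROUPS, NO_MAPPING, START_PAGE_ACL))
    print("mapped:  ", status_role_gated(USER_GROUPS, MAPPED, START_PAGE_ACL))
```

A regression test for the fix should cover both directions: the unmapped user is refused even on content readable by Everyone, and the mapped user is still subject to the content ACL.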