data-api-builder icon indicating copy to clipboard operation
data-api-builder copied to clipboard

Published 20 hours ago verified publisher icon Azure

[Bug]: Entity can define two roles with same name (last one configured wins)

Open yorek opened this issue 1 year ago • 0 comments

What happened?

While DAB will still work fine, I was able to specify two roles with the same name for the same entity, for example:

 "permissions": [
        {
          "role": "test1",
          "actions": [
            {
              "action": "*",
              "policy": {
                "database": "@item.some_string eq 'Hello'"
              }
            }
          ]
        },
        {
          "role": "test1",
          "actions": [
            {
              "action": "*",
              "policy": {
                "database": "@item.some_number gt 10"
              }
            }
          ]
        }
      ]

I didn't get any error, but also it is not clear which role will be actually used (from looking at the generated SQL code, it looks like the last one wins).

During startup DAB should at least warn of the problem and return which role will be used or even just error out and stop execution. (I think giving a warning is better, and maybe we can error out only if some "strict" option is specified in the command line.

Version

Microsoft.DataApiBuilder 0.9.5-rc+73a02dcd3b85a73ac36a5675432a45b7a3cc4a7d

What database are you using?

Azure SQL

What hosting model are you using?

Local (including CLI)

Which API approach are you accessing DAB through?

No response

Relevant log output

No errors returned

Code of Conduct

  • [X] I agree to follow this project's Code of Conduct

yorek avatar Oct 04 '23 01:10 yorek