budibase icon indicating copy to clipboard operation
budibase copied to clipboard
Published 3 months ago • verified publisher icon Budibase

User does not have permission error shows up due to relationship column being set to read only on a view.

Open ConorWebb96 opened this issue 1 year ago • 3 comments

Checklist

  • [x] I have searched budibase discussions and github issues to check if my issue already exists

Hosting

  • Self
    • Method: docker compose
    • Budibase Version: 3.4.16
    • App Version: 3.4.16

Describe the bug A relationship field set to read-only (via column restriction on the view) causes an error: "User does not have permission." When viewing with a custom role, a 403 error in the network tab occurs when a user with that role accesses the screen.

To Reproduce Steps to reproduce the behavior:

  1. Import the attached app
  2. Preview the app as a manager
  3. See the error being thrown

Expected behavior If Role X has read access to View/Table Y, which includes a relationship column (at least readable) linking to Table Z, then X must be able to fetch Z's schema.

No error should be thrown whenever viewing the forms attached to the view. The form field is read-only, but a value should be shown if you use a read/edit form block.

Screenshots View as a manager Image

The form that causes the error: You can see the relationship is blank on an update type. Image

Network error being thrown Image Image Image

App Export relationship-view-issue-1740394533671.tar.gz

ConorWebb96 avatar Feb 24 '25 14:02 ConorWebb96

BUDI-9077 User does not have permission error shows up due to relationship column being set to read only on a view.

linear[bot] avatar Feb 24 '25 14:02 linear[bot]

As discussed privately, this is either a bug with the relationship picker field hitting an API endpoint it shouldn't, or a backend issue where tables related to each other should be able to fetch each other's schema regardless of access.

I'm rewriting the entire relationship picker field because it's awful, so I'll soon see where the core problem lies.

aptkingston avatar Feb 25 '25 09:02 aptkingston

Discussed on Linear - this is actually due to the related tables permission level and is not something that can easily be fixed (a larger piece of work is required).

mike12345567 avatar Mar 11 '25 11:03 mike12345567

Discussed this with the product team. We will remove the ability to see/interact with relationships for views where the connected table has a higher access level than the view's access level.

ConorWebb96 avatar Aug 26 '25 08:08 ConorWebb96