kixi.hecuba
Error when accessing a programme resources
I did a GET request on a programme "https://www.getembed.com/4/programmes/programme-id", the response is ExceptionInfo clj-http: status 403 clj-http.client/wrap-exceptions/fn--9468 (client.clj:196).
-> When querying "https://www.getembed.com/4/programmes/" this programme is returned (amongst lots of other programmes).
-> When looking at the logs on the server I see only 3 programmes I'm allowed to access as programme manager.
-> The programme tested had :public_access "true"
I think allowed?* in k.h.a.programmes is using filter-programmes in the wrong way. (programme/get-by-id ...) should be in the match part and there should be a check for whether the public_access bit is true. All of the match lines in
(match [(has-admin? role)
        (has-programme-manager? programme_id allowed-programmes)
        (has-user? programme_id allowed-programmes nil nil)
        request-method]
  [true _ _ _] [true {::item (assoc (programmes/get-by-id session programme_id) :editable true :admin true)}]
  [_ true _ _] [true {::item (first (filter-programmes allowed-programmes allowed-projects programme-ids-for-projects
                                                       [(programmes/get-by-id session programme_id)]))}]
  [_ _ true :get] [true {::item (first (filter-programmes allowed-programmes allowed-projects programme-ids-for-projects
                                                          [(programmes/get-by-id session programme_id)]))}]
  :else false)
should look like
[true {::item (assoc programme-from-let :editable <as appropriate> :admin <as appropriate>)}]
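
The decision the issue asks for (fetch the programme once, then decide on role, membership and `:public_access`), written out as an added example that is not kixi.hecuba's code. The role keywords, the `authorise-item` and `public?` names, the sample records and the `:editable`/`:admin` values chosen for each branch are assumptions; only `:programme_id`, `:public_access` and the `[allowed? context]` return shape come from the issue.

```clojure
(ns example.programme-access)

;; Constructed sample records. :programme_id and :public_access are the
;; names used in the issue; the ids and values are made up.
(def sample-programmes
  {"p-managed" {:programme_id "p-managed" :public_access nil}
   "p-public"  {:programme_id "p-public"  :public_access "true"}
   "p-private" {:programme_id "p-private" :public_access "false"}})

(defn public?
  "The issue shows the flag stored as the string \"true\"; a boolean is accepted too."
  [programme]
  (contains? #{"true" true} (:public_access programme)))

(defn authorise-item
  "Decide access to one programme that has already been fetched.
   Returns [allowed? context], the pair shape used in the issue's match.
   The role keywords and the :editable/:admin values are assumptions."
  [{:keys [role allowed-programmes request-method]} programme]
  (let [listed? (contains? (set allowed-programmes) (:programme_id programme))
        item    (fn [editable admin]
                  [true {:item (assoc programme :editable editable :admin admin)}])]
    (cond
      (nil? programme)                          [false nil] ; unknown id: nothing to return
      (= role :admin)                           (item true true)
      (and (= role :programme-manager) listed?) (item true false)
      ;; Read-only access: listed users, or anyone when the programme is public.
      (and (= request-method :get)
           (or listed? (public? programme)))    (item false false)
      :else                                     [false nil])))

(defn demo
  "Runs the check for a programme manager who is listed on one programme only."
  []
  (let [user {:role :programme-manager :allowed-programmes #{"p-managed"}}]
    (for [[id method] [["p-managed" :put] ["p-public" :get]
                       ["p-public" :put] ["p-private" :get] ["missing" :get]]]
      [id method (first (authorise-item (assoc user :request-method method)
                                        (get sample-programmes id)))])))

(doseq [row (demo)] (println row))
```

Because the public branch is tied to `:get`, a public programme becomes readable without becoming writable for users who are not listed on it.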