core icon indicating copy to clipboard operation
core copied to clipboard

Published 20 hours ago verified publisher icon dotCMS

Indexcount API Not Respecting Permissions

Open Neehakethi opened this issue 7 months ago • 1 comments

Parent Issue

No response

Problem Statement

Issue Description

When using the indexcount API, it does not respect the permissions of the logged-in user, while the query API does. This inconsistency causes issues with pagination in our image browser.

Steps to Reproduce

  1. Log in to demo with a user with limited permissions (e.g., "Contributer").
  2. Use the following API call to get the index count of the image content type /api/content/indexcount/+contentType
  3. Use the following API call to query images: /api/content/query/+contentType/limit/20/offset/0
  4. Observe that the index count API returns a count that does not respect the user's permissions, whereas the query API returns the correct results based on permissions.

Expected Behavior

The indexcount API should return the count of images that the logged-in user has permission to view.

Actual Behavior

The indexcount API returns the total count of all images, ignoring the user's permissions.

dotCMS Version: 24.04.24_lts_v3

Screenshot 2024-07-18 at 8 39 52 AM Screenshot 2024-07-18 at 8 40 38 AM

Acceptance Criteria

The indexcount API should return the count of images that the logged-in user has permission to view.

dotCMS Version

dotCMS Version: 24.04.24_lts_v3

Proposed Objective

Core Features

Proposed Priority

Priority 3 - Average

External Links... Slack Conversations, Support Tickets, Figma Designs, etc.

https://dotcms.zendesk.com/agent/tickets/117196

Assumptions & Initiation Needs

No response

Quality Assurance Notes & Workarounds

No response

Sub-Tasks & Estimates

No response

Neehakethi avatar Jul 19 '24 17:07 Neehakethi