GROQ icon indicating copy to clipboard operation
GROQ copied to clipboard

Published 20 hours ago verified publisher icon sanity-io

Dot character in document identifier leads to null value in dereferenced array

Open Michael-1 opened this issue 1 year ago • 1 comments

I believe I have found a bug with referencing documents that contain the dot character (.) in their identifier.

Let’s say a have document campaign that includes the following field specification.

{
  name: 'organisations',
  title: 'Organisations',
  type: 'array',
  of: [{type: 'reference', to: [{type: 'organisation'}]}],
}

I then query this with

*[ _id == "example-campaign"] {
  organisations[] -> {
    _id,
    name
  }
}[0]

and get null entries for all organisations that have a dot character in their _id.

However, if I pass an authorisation token with the request, then the bug is not reproducible. I then also get those organisations that contain a dot in their identifier. (All involved documents are published, so I wouldn’t expect a different behaviour.)

Michael-1 avatar May 08 '23 10:05 Michael-1

I’ve meanwhile come a cross the following statement in Sanity’s documentation of identifiers:

The default, fixed access control rules give unauthenticated users read access to documents under the root path only, which means that it is not possible to make documents under a sub-path (i.e. containing a . in the ID) publicly available.

So, this seems to be by design.

Michael-1 avatar May 08 '23 13:05 Michael-1