Hi
I’m experiencing the following issue when calling services via REST API:
- I defined a service method that returns an Entity instance
- When the method is called via REST API, the security attributes are checked against the returned entity (see RestControllerUtils#applyAttributesSecurity method, called by ServicesControllerManager#_invokeServiceMethod)
- I realized that I missed to define appropriate permissions for a user’s role
- I log in as an admin on the web interface, and change role’s permissions accordingly
- Then I try to obtain a new auth token for the user via REST API, and call that service method
What I expect:
Being able to see the correct result (an entity with all the attributes I allowed in the role)
What happens now:
The same “empty” entity is returned, until I hard reload the application server
Thx
Paolo