Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
When querying the useraccount of a user with permission to resource user, I always get "permission denied".
Example:
http://example.com/user.json?uid=4
or
http://example.com/user.json?name=timlie
gives "permission denied".
When giving this user the "administer users" permission I get the correct json string.
Is this by design because I would think a user can query its own user account...
Thanks!
Comments
Comment #1
Media Crumb CreditAttribution: Media Crumb commentedSame issue. The module status that everything works based off permissions, but this is hardly the case in real world practice. I feel like I spend most of my time trying to hack the module instead of it just "working" as was the intention of RESTws in the first place. For instance:
I have all profile set to viewable by anonymous within permissions. However in RESTws I get forbidden for users of my app when i try to hit the resource. I assume this is because anonymous are not allow CRUD on profiles. While that makes sense, it doesnt solve these types of everyday scenarios where areas are viewable but not editable. On top of that it isn't consistent in any way. Content Types work fine for anonymous users, but this isnt the case for profiles. I'm starting to wonder if this should even be used on a production app.
Comment #2
dalinPossibly a dupe of #2169363