Hey all, I'm not understanding why this resource is returning 403 forbidden for logged in users. I've been pulling my hair out for hours on how to fix this. Here is my setup below.

  1. Blogs permissions are set to anonymous users and anyone can view them on the site.
  2. The Resource is set to anonymous users as well and these users can see all publish content on the site.
  3. Admin or user role with "bypass access control" can view the nodes at site.com/node.json?full=0&limit=10&type=blog just fine
  4. A logged in normal user gets 403 forbidden

The expectation is that anyone one logged in should be able to see that resource since access control allows all users including anonymous users to view it. Why on earth is the resource blocking users from a simple GET of all nodes of this type? The docs state that it follows the same access control as drupal has set for that resource. Whats the deal here?

Comments

Media Crumb created an issue. See original summary.

Media Crumb’s picture

Media Crumb CreditAttribution: Media Crumb commented
Issue summary: View changes
Media Crumb’s picture

Media Crumb CreditAttribution: Media Crumb commented
Related issues: +#2169363: Access denied when requesting a list of nodes with node/entity-access modules enabled

Looks like its related to this

lokapujya’s picture

lokapujya
Primary language English
Location Boston
CreditAttribution: lokapujya at Babson College commented
Status: Active » Closed (duplicate)