Why I got 403 error: 'CREATE is only allowed with static instance-based authorization'
fourmatrix opened this issue · 2 comments
fourmatrix commented
Hello,
I add authentication to my FooService and Books:
annotate FooService with @(requires: 'authenticated-user');
annotate FooService.Books with @(restrict: [
{
grant: ['READ', 'CREATE', 'WRITE', 'DELETE'],
where: 'id = $user.id'
}
]);
When create a Books, I got 403 error with message : 'CREATE is only allowed with static instance-based authorization' , how can I fix it?
pianocktail commented
You cannot use CREATE and WRITE as it comprises 'INSERT' and on 'INSERT' you cannot use where clauses.
You need your authorization only for READ , UPDATE , DELETE.
On the intial creation of the data record the 'id' should be set to the '$user.id' automatically
fourmatrix commented
@pianocktail I got it, thank you very much!