esi/esi-issues

Inconsistent Role Validation in `/corporations/{corporation_id}/roles/` Endpoint

Opened this issue · 0 comments

JamboChen commented

Bug

When attempting to retrieve the roles of a corporation using the /corporations/{corporation_id}/roles/ endpoint, an error is returned stating that the character doesn't have the required role(s), despite the character possessing the Personnel_Manager role.

The endpoint documentation states: "Return the roles of all members if the character has the personnel manager role or any grantable role." According to this description, I should receive a 200 response. Additionally, in-game, I can view the roles of corporation members, even though I cannot edit them.

Request

GET /latest/corporations/{corporation_id}/roles/?datasource=tranquility

Response

Status Code

403

Headers

Include relevant headers received. Timestamps and request ID is nice, you may not have all these values, fill out what you received (don't worry about headers not listed here, unless pertinent to your issue). E.g.:

 access-control-allow-credentials: true 
 access-control-allow-headers: Content-Type,Authorization,If-None-Match,X-User-Agent 
 access-control-allow-methods: GET,HEAD,OPTIONS 
 access-control-allow-origin: * 
 access-control-expose-headers: Content-Type,Warning,ETag,X-Pages,X-ESI-Error-Limit-Remain,X-ESI-Error-Limit-Reset 
 access-control-max-age: 600 
 allow: GET,HEAD,OPTIONS 
 content-length: 65 
 content-type: application/json; charset=UTF-8 
 date: Sat, 13 Jul 2024 19:00:06 GMT 
 strict-transport-security: max-age=31536000 
 x-esi-error-limit-remain: 99 
 x-esi-error-limit-reset: 54 
 x-esi-request-id: 537b52ff-8e23-4937-8145-e97a529ccec7

Body

Please provide the response body, feel free to scrub any opsec details you wish. E.g.:

{
  "error": "The given character doesn't have the required role(s)"
}

Expected

200

Additional Details

The /characters/{character_id}/roles/ endpoint returns the following roles for the character:

{
  "roles": [
    "Personnel_Manager",
    "Security_Officer",
    "Account_Take_2",
    "Brand_Manager",
    "Rent_Office",
    "Junior_Accountant",
    "Communications_Officer",
    "Contract_Manager",
    "Fitting_Manager",
    "Skill_Plan_Manager"
  ]
}

This confirms that the character has the Personnel_Manager role, which should be sufficient according to the documentation for accessing the list of roles in a corporation. I have verified that the corporation_id is correct, and in-game, I can view the roles of the corporation members but cannot edit them.

Checklist

Check all boxes that apply to this issue:

  • Bug description is provided
  • Request path is provided
  • Response status code is provided
  • Response headers are provided
  • Response body is provided
  • Expected response is provided