Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
[regression] Admins can no longer add items from outside their org to a group
See original GitHub issueAs mentioned in PR https://github.com/Esri/arcgis-rest-js/pull/854, the endpoint used to add an item to a group was recently changed to account for a change in the Sharing API v9.2.
Prior to 9.2, the
/content/items/:id/shareendpoint would allow anorg_adminto share a private item, owned by another user, to a group (item owner must already be a member in said group).At 9.2. that no longer works; instead we need to use the
/content/users/:ownername/items/:id/shareroute, which is what this PR changes.
This change, however, created a regression such that admin users can no longer add items owned by someone outside their org to a group. This affects not only standard group/sharing workflows but also favoriting (since favoriting is implemented as a group).
A specific case of this was already reported in issue #882, but this issue more broadly affects an admin sharing (or favoriting) any item outside their org, not just Living Atlas items.
Issue Analytics
- State:
- Created 2 years ago
- Comments:5 (5 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Reading the code and the issue noted, I think…
we want to use
/content/users/:ownername/items/:id/shareonly:role: "org_admin"otherwise use
/content/items/:id/share.Currently we don’t get the item, so if we really want to restrict this flow to only non-public items, we’d have to do yet-another xhr. During the flow we do fetch the item owner if the
currentUser !=== owner, and so we could verify that the owner and the current user are in the same org (thus implying the item is in the same org)… this will take some refactoring, which is always scary w/ this part of the API - We do have a harness that we can use to verify this against the live api, so that’s a plus…I can try to get to this early next week ~9/20/21 - if someone inside Esri wants to tackle this sooner, the harness lives in devtopia at /dc/portal-api-check
@tomwayson @dbouwman I think both of you wrote most of the original sharing code can you take a look?