Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does it do?
Fix an issue where setting permissions with conditions on the assets for the upload plugin can break the permissions checks.
In a previous PR, the auto-populate for the fetch has been removed, which caused the
created_by
attribute to be raw instead of populated, hence causing an issue when fetching the associated role.As a fix, we simply use the raw identifier (from the
created_by
field) instead of trying to access theid
property inside.Another idea would've been to fetch directly the whole user based on the
created_by
id, but it would mean fetching also unwanted properties for the user, such as password & co.Why is it needed?
Upload plugin's assets permissions are not working as they should.
How to test it?
See: #10452 ("Steps to reproduce this issue")
Related issue(s)/PR(s)
introduced by #10370
fix #10452