Project

General

Profile

Bug #2931

Updated by Tom Clegg almost 10 years ago

Under the following conditions 
 * A link exists in the database with @head_uuid=null and link_class<>'permission'@, owned by (say) admin 
 * Non-admin user creates an ApiClientAuthorization (e.g., with the "share" button on the Workbench "show collection" page) 
 * Non-admin user deletes the ApiClientAuthorization (e.g., "unshare") 

 Result: Permission denied. "dependent: destroy" hook tries to delete all links with head_uuid=null. 

Back