ForbiddenError with authenticated user

hello guys! im having one strange issue with the authenticated users:

Issue:
Forbidden access with authenticated users

Description:

  • set permission for the authenticated only users to create SavedEvent type items
  • use mutation to create a SavedEvent gives me Forbidden access
    • Authentication header is passed
    • “Forbidden access” shows when try to use the mutation
    • “findOne” is active on permission for authenticated users

Mutation

mutation {
  createSavedEvent(data: { user: 7, event: 5 }) {
    data {
      attributes {
        event {
          data {
            attributes {
              title
              description
            }
          }
        }
      }
    }
  }
}

Result

{
  "errors": [
    {
      "message": "Forbidden access",
      "extensions": {
        "error": {
          "name": "ForbiddenError",
          "message": "Forbidden access",
          "details": {}
        },
        "code": "FORBIDDEN"
      }
    }
  ],
  "data": {
    "createSavedEvent": null
  }
}

any suggestion? there is something I’m missing?

Hello, same issue here! I’ve notice the record will be created even with error forbidden Access