System Information
- Strapi Version: 4.0.2
- Operating System: Linux (Ubuntu)
- Database: Postgres
- Node Version: 16.13.1
- NPM Version: 6
- Yarn Version: -
When authenticated and querying for user information (role permissions are enabled), I get an inconsistency between REST and GraphQL.
When fetching the REST endpoints
/api/users
/api/users/me
I cannot get the role of my user or all users. When executing the following GraphQL request, I can include the role:
```graphql
{
  me {
    id
    username
    role {
      id
      name
      type
    }
  }
}
```
```json
{
  "data": {
    "me": {
      "id": "1",
      "username": "Admin",
      "role": {
        "id": "3",
        "name": "Admin",
        "type": "admin"
      }
    }
  }
}
```
But only when fetching my user information. Trying to execute the following yields an error:
```graphql
{
  usersPermissionsUsers {
    data {
      id
      attributes {
        username
        provider
        email
        role {
          data {
            id
            attributes {
              name
              type
            }
          }
        }
      }
    }
  }
}
```
```json
{
  "errors": [
    {
      "message": "Forbidden access",
      "extensions": {
        "error": {
          "name": "ForbiddenError",
          "message": "Forbidden access",
          "details": {}
        },
        "code": "FORBIDDEN"
      }
    }
  ],
  "data": {
    "me": {
      "id": "1",
      "username": "Admin",
      "role": {
        "id": "3",
        "name": "Admin",
        "type": "admin"
      }
    }
  }
}
```
Permissions are the following:
Is this by design? And if so, why? Some background: The web app we’re building contains an admin section where users and their roles should be manageable (not via the Strapi admin panel).