We’ve been able to reproduce this bug in the following way: (app ID: 36E4262F-E672-1A40-FFCF-B3523EB51200 )
- Created two tables “TestSet” and “TestItem”, where TestSet has just one column TestSet.items (1:N of TestItem)
- Both tables have all role permissions set to deny. However, the ownership policies have all permissions granted.
- Multiple objects owned by the same user are created in TestItem
- One object owned by that same user is created in TestSet, with the items column populated with those TestItem objects.
let result = await Backendless.Data.of('TestItem').find();
let query = Backendless.DataQueryBuilder.create().setRelated('items');
result = await Backendless.Data.of('TestSet').findFirst(query);
First api call prints the expected result; an array with the three owned items
Second api call prints the object, with no “items” field at all
Second api call should print the object with the items field containing an array of the owned objects. We have only been able to get this to work by granting the “Load Relations” permissions on the relevant user roles. User role permissions for Load Relations unexpectedly overrides the object ownership policy.