Updated by Jens Ulferts almost 6 years ago
### **Steps to reproduce:**
1. Have an archived project
2. Login as admin
3. Either:
   1. Attempt to fetch the archived project via a filter on the index end point, e.g. [https://community.openproject.com/api/v3/projects?filters=\[{%22active%22:{%22operator%22:%22=%22,%22values%22:\[%22f%22\]}}\]](https://community.openproject.com/api/v3/projects?filters=[{%22active%22:{%22operator%22:%22=%22,%22values%22:[%22f%22]}}])
   2. Attempt to fetch the archived project via the individual GET end point, e.g. [https://community.openproject.com/api/v3/projects/5](https://community.openproject.com/api/v3/projects/5)
### **Actual Behavior**
Both end points do not return archived projects even for administrators.
### **Expected Behavior**
Administrators should have archived projects returned on both end points.
### **Notes**
The error seems to be caused by adding the `.visible` scope to `Project` in order to limit the projects to only those visible to the user. As the visible scope will only return projects in which the user has the `:view_projects` permission, and as archived projects do not grant any permissions, the projects are not even visible for administrators.
The `.visible` scope could be altered to return all projects (i.e. turned into a no-op) for administrators. This might however have unwanted side effects.
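
The behaviour described in the Notes, reduced to a plain-Ruby model. This is an added example, not OpenProject's code: the structs, sample data, `allowed_in?`, `visible_admin_noop`, `index_archived` and the second caller `project_menu` are all hypothetical names, and the rule that an archived project grants no permissions is taken from the Notes.

```ruby
# Simplified in-memory model, constructed for illustration (not OpenProject code).
Project = Struct.new(:id, :name, :active)
User    = Struct.new(:login, :admin)
Member  = Struct.new(:user, :project, :permissions)

PROJECTS = [Project.new(1, "Website", true),
            Project.new(5, "Legacy", false)].freeze   # id 5 is archived
ADMIN = User.new("admin", true)
DEV   = User.new("dev", false)
MEMBERS = [Member.new(DEV, PROJECTS[0], [:view_projects]),
           Member.new(DEV, PROJECTS[1], [:view_projects])].freeze

# Assumed permission check: an archived project grants nothing, to anyone.
def allowed_in?(user, permission, project)
  return false unless project.active
  return true if user.admin
  MEMBERS.any? do |m|
    m.user == user && m.project == project && m.permissions.include?(permission)
  end
end

# Scope as the Notes describe it: projects where the user holds :view_projects.
def visible(user)
  PROJECTS.select { |p| allowed_in?(user, :view_projects, p) }
end

# Proposed change: the scope becomes a no-op for administrators.
def visible_admin_noop(user)
  user.admin ? PROJECTS.dup : visible(user)
end

# Index endpoint with the active = "f" filter from the reproduction steps.
def index_archived(user, scope = :visible)
  send(scope, user).reject(&:active)
end

# Hypothetical second caller that relies on "visible implies active".
def project_menu(user, scope = :visible)
  send(scope, user).map(&:name)
end

if __FILE__ == $PROGRAM_NAME
  p index_archived(ADMIN).map(&:id)                       # current scope
  p index_archived(ADMIN, :visible_admin_noop).map(&:id)  # admin no-op
  p project_menu(ADMIN, :visible_admin_noop)              # side effect
end
```

With the admin no-op the filtered index returns the archived project, but every other caller of the scope receives archived projects for administrators as well, which is the kind of side effect a regression test around the scope should cover.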