Does the SDK filter out tickets that are not created by/for the user?
Hello
We have a question about the Support Android SDK.
Before I start, I need to mention that we use our own custom UI and `JwtIdentity` to authenticate our users. We noticed that If a user is authenticated and tries to fetch a conversation (based on a conversation id) that was not opened by or for him, then he will get the following error:
404 {"error":"RecordNotFound","description":"Not found"}
Does this SDK filter out the conversations that do not belong to the authenticated user? If so, is there any way to bypass it?
-
Hi Vaios! If a user would be able to access a ticket that they didn't create, that would be a security issue, so this is absolutely intentional. Could you explain your use-case so that I can understand what you're looking to accomplish here?
-
Thank you very much for your quick response :)
We were thinking that maybe users who share a resource (car, house, etc) should be able to see tickets that were opened for this resource. Is this possible to happen? -
I would recommend looking into organization access to handle this. It may not be a 1:1 fit, but it would give you what you are generally looking for here!
サインインしてコメントを残してください。
3 コメント