I recently found a rather strange policy regarding the math() function in DQL when using ACL. I have set up a user lambda which is used by custom resolvers when performing DQL requests. Furthermore, I’ve set up 3 groups
-
readAll→ can read all predicates -
modifyAll→ can modify all predicates -
writeAll→ can write all predicates
The lambda user is part of these 3 groups.
I want to emphasise that I’ve checked the top box in Ratel to make sure that ALL available predicates are selected for the specific groups
Now, when running any DQL query with math(), math gets ignored. If I run the same query with the groot user or make the lambda user part of the guardian group, I’m allowed to do math.
Therefore my question: why is only guardian educated enough to do math? Is this not a bit discriminating against other, maybe also pretty smart user groups? 