Discrimination of user goups when using math() in DQL

I recently found a rather strange policy regarding the math() function in DQL when using ACL. I have set up a user lambda which is used by custom resolvers when performing DQL requests. Furthermore, I’ve set up 3 groups

  • readAll → can read all predicates
  • modifyAll → can modify all predicates
  • writeAll → can write all predicates

The lambda user is part of these 3 groups.

I want to emphasise that I’ve checked the top box in Ratel to make sure that ALL available predicates are selected for the specific groups

Now, when running any DQL query with math(), math gets ignored. If I run the same query with the groot user or make the lambda user part of the guardian group, I’m allowed to do math.

Therefore my question: why is only guardian educated enough to do math? Is this not a bit discriminating against other, maybe also pretty smart user groups? :sweat_smile:

Odd, I never heard about it.
Is this happening in lambda only?

Although not tested, I assume this happens with any DQL request, regardless from where it has been sent since I basically do my own fetch from inside the lambda.