I recently found a rather strange policy regarding the
math() function in DQL when using ACL. I have set up a user
lambda which is used by custom resolvers when performing DQL requests. Furthermore, I’ve set up 3 groups
readAll→ can read all predicates
modifyAll→ can modify all predicates
writeAll→ can write all predicates
lambda user is part of these 3 groups.
I want to emphasise that I’ve checked the top box in Ratel to make sure that ALL available predicates are selected for the specific groups
Now, when running any DQL query with
math(), math gets ignored. If I run the same query with the
groot user or make the lambda user part of the
guardian group, I’m allowed to do math.
Therefore my question: why is only
guardian educated enough to do math? Is this not a bit discriminating against other, maybe also pretty smart user groups?