Suppress field errors when serving a content through odata. (#144)

This change makes odata responses more robust. If a security error occurs during formatting a field (e.g. a field tries to access another content that the user does not have access to), it makes the whole response invalid by returning an error code. This change suppresses that exception and silently returns a *null* value.
SenseNet · Aug 10, 2017 · c4895cd · c4895cd
1 parent 63f8be7
commit c4895cd
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/src/Services/OData/ODataFormatter.cs b/src/Services/OData/ODataFormatter.cs
@@ -869,7 +869,19 @@ internal static object GetJsonObject(Field field, string selfUrl)
             {
                 return ODataReference.Create(String.Concat(selfUrl, "/", field.Name));
             }
-            data = field.GetData();
+            try
+            {
+                data = field.GetData();
+            }
+            catch (SenseNetSecurityException)
+            {
+                // The user does not have access to this field (e.g. cannot load
+                // a referenced content). In this case we serve a null value.
+                data = null;
+
+                SnTrace.Repository.Write("PERMISSION warning: user {0} does not have access to field '{1}' of {2}.", User.LoggedInUser.Username, field.Name, field.Content.Path);
+            }
+
             var nodeType = data as NodeType;
             if (nodeType != null)
                 return nodeType.Name;