CopyPastor

Detecting plagiarism made easy.

Score: 0.810326411434265; Reported for: String similarity Open both answers

Possible Plagiarism

Plagiarized on 2022-05-27
by RaytheonXie-MSFT

Original Post

Original - Posted on 2019-07-17
by Wesley Smith



            

            

                
            

        

        

            Present in both answers;
            Present only in the new answer;
            Present only in the old answer;
        

    

    

    

        

            

                

                    
                        The behavior you are seeing is expected for APIs that return a collection of resources, the reason for this is that the permissions are evaluated per resource, so that only the resources where you have permissions are returned.
                        
                        

                        
                        This is the way we process the request:
                        
                        

                        
                        We verify the permissions of the user making the call, if there are no permissions, an Unauthorized error is returned.
                        
                        

                        
                        The API call is then sent to the resource provider to handle, in this case, we ask for the full collection of resources.
                        
                        

                        
                        The results returned from the resource providers are then filtered based on the permissions the user has.
                        
                        

                        
                        The filtered results are returned to the user. (If everything was filtered out, then the response will be empty).
                        
                        

                        
                        I understand how this may be confusing, in this case, the list API is not restricted for the user, we restrict the results returned in the response, that's why a 200 OK with an empty array is the correct response to the scenario you have shared with us.
                        
                        

                        
                

            

            

                

                    
                        This is the answer I received from Microsoft on the subject:
                        
                        

                        
                        > The behavior you are seeing is expected for APIs that return a
                        
                        > collection of resources, the reason for this is that the permissions
                        
                        > are evaluated per resource, so that only the resources where you have
                        
                        > permissions are returned.
                        
                        > 
                        
                        > 
                        
                        > This is the way we process the request:
                        
                        > 
                        
                        > 1. We verify the permissions of the user making the call, if there are no permissions, an Unauthorized error is returned.
                        
                        > 
                        
                        > 2. The API call is then sent to the resource provider to handle, in this case, we ask for the full collection of resources.
                        
                        > 
                        
                        > 3. The results returned from the resource providers are then filtered based on the permissions the user has.
                        
                        > 
                        
                        > 4. The filtered results are returned to the user. (If everything was filtered out, then the response will be empty).
                        
                        > 
                        
                        > 
                        
                        > I understand how this may be confusing, in this case, the list API is
                        
                        > not restricted for the user, we restrict the results returned in the
                        
                        > response, that's why a 200 OK with an empty array is the correct
                        
                        > response to the scenario you have shared with us.
                        
                

            

        

    

    

        

        

            Present in both answers;
            Present only in the new answer;
            Present only in the old answer;
        

    



    











    

         Made by the SOBotics team.
            Published on StackApps.
            Source code on GitHub.
            Content provided by Stack Exchange API
            under the  CC BY-SA 3.0 license.