#I get 403, but the role has the permission

I have 2 Collections, Teasers & Slides. I can add n slides to a teaser. A "normal" user can access both the teasers and the slides. But when I open a Teaser and try to access a slide, I get a 403 on GET http://cms.local/acme/items/teasers_slides/805

these are the permissions in the User role

does id 805 exist in the teasers_slides collection? and are you authenticating that get request?

805 exists, and yes. I think so. It happens in the GUI, not a REST client

when i click one of them

i get the 403 on the relation but the items opens in the sideeditor

a regular GET on teaser_slides works, I even can change the order of the slides

looks like you're opening a different collection via a relation on teaser_slides tho, are the rights on that related collection correct?

full access except delete for the user role on all relevant collections

I must say, it's all migrated from v8

i haven't tried it with a new, manual collection

okay, with a 2 new collections and a relation, it works. No I must find the difference

mhh, it tries to select teasers_slides.id = 805 but thats the block_id (aka slide_id)

so no data => 403

yep thats why i started with

does id 805 exist in the teasers_slides collection?

yeah, i know. I just saw the 805 there and thought "yep, it's there". sorry

i can't find a difference between the working relation and the broken one. it always uses the block_id instead of the primary id

https://github.com/directus/directus/issues/17108 thats the bug 🙂

already fixed

ah yeah we just merged that today last week (a similar one today)

nice. is there a fixed roadmap for patch releases?