Override a routes for add or dissociate relation between collections

Hey team,

We want to add extra logic when someone ‘Dissociate the relationship’ or add a new relation

We figure out that we need to override routes:

router.delete('/accounts/:recordId/relationships/features', permissionMiddlewareCreator.delete(), (request, response, next) => {
    next();
});

router.post('/accounts/:recordId/relationships/features', permissionMiddlewareCreator.delete(), (request, response, next) => {
    next();
});

But we get error 403

[forest] 🌳🌳🌳  'delete' access forbidden on accounts

Because we disable ‘Allow record deletion’ on both collections:

The question is how to allow or avoid permissions in the code for those 2 routes?
We want to ‘Allow record deletion’ stay disable, so no one can delete an item accidentally because Dissociate and Delete buttons are really close to each other.

Thanks and Happy New Year

Hi @Bojan_Antonijevic ! Currently we use the same permission for both actions (permissionMiddlewareCreator.delete()) to make it work we need to add a specific permission for the dissociate action.
I’ll push this feature request to our product team !

2 Likes

Thank you @Nicolas_Sailly, I just changed permissionMiddlewareCreator.delete() to permissionMiddlewareCreator.list() and all works fine.