Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Session details gives error 500 when user is not superuser #74

Closed
seriousm4x opened this issue Aug 18, 2020 · 5 comments
Closed

Session details gives error 500 when user is not superuser #74

seriousm4x opened this issue Aug 18, 2020 · 5 comments
Assignees
@milesmcc
Labels
bug Something isn't working

Comments

@seriousm4x
Copy link

I've created a second account for someone else, set him as a collaborator for the service and granted him every right possible (including "analytics | session | Can view session") in the user settings. Still, when he clicks on a specific user session, he gets an error 500 from the server.

When I give him superuser status he can view session details.

Not sure if it's a bug but a user shouldn't need superuser rights to view session details.

(I added an image where it's not working but the user has all rights)
2020-08-18 11_58_28
@milesmcc
Copy link
Owner

milesmcc commented Aug 18, 2020
edited
Loading

Hmm, this is strange; I will try to replicate. In the meantime, are there any errors printed to the logs?

@milesmcc milesmcc self-assigned this Aug 18, 2020
@milesmcc milesmcc added the bug Something isn't working label Aug 18, 2020
@seriousm4x
Copy link
Author

Yes sure, don't know why I forgot. I replaced the service and session IDs.

shynet_1  | ERROR Internal Server Error: /dashboard/service/xyz/sessions/xyz/
shynet_1  | Traceback (most recent call last):
shynet_1  |   File "/usr/local/lib/python3.8/site-packages/django/core/handlers/exception.py", line 47, in inner
shynet_1  |     response = get_response(request)
shynet_1  |   File "/usr/local/lib/python3.8/site-packages/django/core/handlers/base.py", line 179, in _get_response
shynet_1  |     response = wrapped_callback(request, *callback_args, **callback_kwargs)
shynet_1  |   File "/usr/local/lib/python3.8/site-packages/django/views/generic/base.py", line 73, in view
shynet_1  |     return self.dispatch(request, *args, **kwargs)
shynet_1  |   File "/usr/local/lib/python3.8/site-packages/django/contrib/auth/mixins.py", line 52, in dispatch
shynet_1  |     return super().dispatch(request, *args, **kwargs)
shynet_1  |   File "/usr/local/lib/python3.8/site-packages/django/contrib/auth/mixins.py", line 83, in dispatch
shynet_1  |     if not self.has_permission():
shynet_1  |   File "/usr/local/lib/python3.8/site-packages/rules/contrib/views.py", line 50, in has_permission
shynet_1  |     return self.request.user.has_perms(perms, obj)
shynet_1  |   File "/usr/local/lib/python3.8/site-packages/django/contrib/auth/models.py", line 301, in has_perms
shynet_1  |     return all(self.has_perm(perm, obj) for perm in perm_list)
shynet_1  |   File "/usr/local/lib/python3.8/site-packages/django/contrib/auth/models.py", line 301, in <genexpr>
shynet_1  |     return all(self.has_perm(perm, obj) for perm in perm_list)
shynet_1  |   File "/usr/local/lib/python3.8/site-packages/django/contrib/auth/models.py", line 294, in has_perm
shynet_1  |     return _user_has_perm(self, perm, obj)
shynet_1  |   File "/usr/local/lib/python3.8/site-packages/django/contrib/auth/models.py", line 204, in _user_has_perm
shynet_1  |     if backend.has_perm(user, perm, obj):
shynet_1  |   File "/usr/local/lib/python3.8/site-packages/rules/permissions.py", line 32, in has_perm
shynet_1  |     return has_perm(perm, user, *args, **kwargs)
shynet_1  |   File "/usr/local/lib/python3.8/site-packages/rules/permissions.py", line 24, in has_perm
shynet_1  |     return permissions.test_rule(name, *args, **kwargs)
shynet_1  |   File "/usr/local/lib/python3.8/site-packages/rules/rulesets.py", line 6, in test_rule
shynet_1  |     return name in self and self[name].test(*args, **kwargs)
shynet_1  |   File "/usr/local/lib/python3.8/site-packages/rules/predicates.py", line 154, in test
shynet_1  |     return bool(self._apply(*args))
shynet_1  |   File "/usr/local/lib/python3.8/site-packages/rules/predicates.py", line 213, in _apply
shynet_1  |     result = self.fn(*callargs)
shynet_1  |   File "/usr/local/lib/python3.8/site-packages/rules/predicates.py", line 165, in OR
shynet_1  |     return self._combine(other, operator.or_, args)
shynet_1  |   File "/usr/local/lib/python3.8/site-packages/rules/predicates.py", line 184, in _combine
shynet_1  |     self_result = self._apply(*args)
shynet_1  |   File "/usr/local/lib/python3.8/site-packages/rules/predicates.py", line 213, in _apply
shynet_1  |     result = self.fn(*callargs)
shynet_1  |   File "/usr/src/shynet/core/rules.py", line 14, in is_service_owner
shynet_1  |     return service.owner == user
shynet_1  | AttributeError: 'Session' object has no attribute 'owner'

@milesmcc
Copy link
Owner

Fixed in v0.6.3. Thanks!

@seriousm4x
Copy link
Author

Well that was quick. Thanks! I will test it, once the update is on docker.

@seriousm4x
Copy link
Author

works!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@milesmcc milesmcc

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@milesmcc @seriousm4x