Getting 403 error "User is not authorized to browse on collection" for a specific collection

Help me!
1

Feature(s) impacted

Only one Collection “ActivityPharmacyContentTagState” is not accessible for any user/on any environment(development/UA/Sandbox/Production), Error Code 403 Forbidden

Observed behavior

I recently created this collection ActivityPharmacyContentTagState along with others but I am getting an Invalid data error with this collection only, here are screenshots -

image
image910×483 16.7 KB

getting the below response -

image
image807×188 2.75 KB

All the other collections are accessible.

Expected behavior

I should be able to access this collection(no 403).

Failure Logs

Here is stack details from console -

Error: Ember Data Request GET https://pars03ndevapi04.azurewebsites.net/forest/ActivityPharmacyContentTagState returned a 403
Payload (application/json; charset=utf-8)
[object Object]
at n.i (https://app.forestadmin.com/assets/vendor-7b6214a093c1f0eb13fc5b382428fed9.js:59:23755)
at n.i (https://app.forestadmin.com/assets/vendor-7b6214a093c1f0eb13fc5b382428fed9.js:65:425624)
at new n (https://app.forestadmin.com/assets/vendor-7b6214a093c1f0eb13fc5b382428fed9.js:65:426368)
at b.handleResponse (https://app.forestadmin.com/assets/vendor-7b6214a093c1f0eb13fc5b382428fed9.js:65:433642)
at b.handleResponse (https://app.forestadmin.com/assets/client-65cc94107ff6045bb3b919bf0493b096.js:1:5305169)
at y (https://app.forestadmin.com/assets/vendor-7b6214a093c1f0eb13fc5b382428fed9.js:65:437954)
at https://app.forestadmin.com/assets/vendor-7b6214a093c1f0eb13fc5b382428fed9.js:65:434284
at b.ajax (https://app.forestadmin.com/assets/vendor-7b6214a093c1f0eb13fc5b382428fed9.js:65:434295)

Context

  • Project name: … ACCME PARS 3.0
  • Team name: … Operations
  • Environment name: … Development, UA, Sandbox and Production
  • Agent (forest package) name & version: … 9.0.0
  • Database type: …
  • Recent changes made on your end if any: … Just added few collections which are working fine except one above.
2

Hello @AnoopJ, welcome to the community

You might have ran accross a recent issue that we discovered regarding the permissions cache.
I have updated the cache for your project, which should work around your issues while we are working on a permanent fix.

Please let me know if this is ok for you now.

Regards

3

Hi Nicolas,

Thanks for your quick response.

I am still getting same issue for ActivityPharmacyContentTagState. I have cleared the browser cache and relogin to FA dashboard, but this issue still persist.

Please let me know if you need more information.

4

Hello @AnoopJ,

Looking at the data from our side, we can see a difference between this collection and the others: the first letter of the collection name is a capital letter, whereas all other collections start with a lowercase letter.

Is there any reason why your collection has been declared with a capital letter?

On my side, I’ll try to reproduce the error and work on a fix.

1 Like
5

Hello,

I tried to reproduce the issue you described, but without success.

I can see that your collection seems correctly configured on our side. Users have the right to access it, and permissions are correctly computed on our side.

Do you still experience the issue?

If yes, could you please share with us more info about the query that is failing? I would need the targetted URL, and the response from the server.

I would also need the declaration of this collection in your code, and in particular this line:

collection('[Collection name]', {

And the declaration in sequelize:

const /*[ModelName]*/ = sequelize.define('[ModelName]', {

Thanks

7

Hi @GuillaumeGautreau Thanks for your response, and highlighting the issue. It is an uppercase issue with the collection name(as you suggested). I just made it to lowercase and it started working.

Thanks for your help!

2 Likes
8

Hi @Nicolas.M and @GuillaumeGautreau FYI - I found the discrepancies across the environments. After changing the collection name to lowercase it worked well on my local and development environment and the same build release was pushed to UA and Sandbox. However, it is not working on UA and Sandbox environments.
It creates different URL for ActivityPharmacyContentTagState collection on UA and SB -

https://pars03nuaapi04.azurewebsites.net/forest/**ActivityPharmacyContentTagState**?timezone=Asia%2FCalcutta&fields[ActivityPharmacyContentTagState]=activity%2CcreatedBy%2CcreatedDate%2Cid%2CisDeleted%2CtaxonomyTerm%2CupdatedBy%2CupdatedDate&fields[activity]=activityTitle&fields[createdBy]=email&fields[taxonomyTerm]=name&fields[updatedBy]=email&page[number]=1&page[size]=15&sort=-id

VS

(Development URL)
https://pars03ndevapi04.azurewebsites.net/forest/**activityPharmacyContentTagState**?timezone=Asia%2FCalcutta&fields[activityPharmacyContentTagState]=activity%2CcreatedBy%2CcreatedDate%2Cid%2CisDeleted%2CtaxonomyTerm%2CupdatedBy%2CupdatedDate&fields[activity]=activityTitle&fields[createdBy]=email&fields[taxonomyTerm]=name&fields[updatedBy]=email&page[number]=1&page[size]=15&sort=-id

Notice that on UA and SB ActivityPharmacyContentTagState collection name starts with uppercase. I confirmed that all environments have the same release except production.

Below is the declaration of this collection

const { collection } = require('forest-express-sequelize');
collection('activityPharmacyContentTagState', {
  actions: [],
  fields: [],
  segments: [],
});

And this is the code in sequelize -

const ActivityPharmacyContentTagState = sequelize.define('activityPharmacyContentTagState', {
    id: {
      type: DataTypes.UUID,
      field: 'Id',
      primaryKey: true,
      defaultValue: uuidv4,
      allowNull: false,
    },    
    isDeleted: {
      type: DataTypes.BOOLEAN,
      field: 'IsDeleted',
      defaultValue: false,
      allowNull: false,
    },
    createdDate: {
      type: DataTypes.DATE,
      field: 'CreatedDate',
      defaultValue: sequelize.literal("getutcdate()"),
    },
    updatedDate: {
      type: DataTypes.DATE,
      field: 'UpdatedDate',
    },
  }, {
    tableName: 'ActivityPharmacyContentTagState',
    timestamps: false,
    schema: 'dbo',
  });

We are following the same pattern for other collections as well. I have attached the server response in the description of this ticket. Please let me know if you need any other information.

9

Looking at the data on our side, it seems that the forestadmin-schema is not up to date on your production environment.

There is a main difference in behavior between development and production environments regarding the forestadmin-schema file:

  • in development, this file is re-generated at each run
  • in production, this file is kept “as is” and not modified by the launch of the agent.

The intended process when updating your schema, is to

  1. test the modification on a development environment
  2. commit the change in the code AND the forestadmin-schema.json file
  3. apply both of them in production

I’m pretty sure that if you update the schema file from your production environment, you’ll see the changes as expected.

10

Thanks @GuillaumeGautreau, forestadmin-schmea.json was somehow not committed, and it is re-generated in the development environment but not in other environments.

I appreciate your help, and marking this as resolved!

1 Like