Message "Forbidden" when trying to create a chart

Hi team,

This morning, when trying to create a new chart, I am getting a message
“Forbidden”.

I don’t understand as I have many many different charts which are already using this kind of SQL query.

The charts will be unusable if I loose the possibility to customize the queries.

Failure Logs

On server log, I am getting this error:

2022-08-22T10:04:17.723629828Z [forest] 🌳🌳🌳  'liveQueries' access forbidden on account_limits

• I don’t query the account_limits table
• I don’t have any customized route on charts

So I don’t understand.

Randomized permission error

After reloading the whole page, the error message disappears.
I am able to make one change, and save.
Then, when I am trying to make another change, the error appears once again.
So this is very unstable.

Context

Here is my current setup:

• Project name: MyPocket
• Team name: Finance
• Environment name: Production

  "meta": {
    "liana": "forest-express-sequelize",
    "liana_version": "8.5.11",
    "stack": {
      "database_type": "multiple",
      "engine": "nodejs",
      "engine_version": "14.17.0",
      "orm_version": "5.22.3"
    }
  }

Thanks in advance

Hello @Louis-Marie,

Indeed, it should work. This seems strange that you received this error.

Can you please check the network tab of your developer tools on your browser and copy/paste the content of the response you received from your agent?

Hi Guillaume,

I have just reproduced the error.
Here are 2 screen copies of the network tab:

image1023×488 40.4 KB

image1091×460 35.6 KB

Hoping this will help.
Thanks

And the error on the OPTIONS method with the stats query above:

image1107×474 36.2 KB

Hello @Louis-Marie,

Thank you for all the information. I will try to reproduce it on my end. In the meanwhile, I have a few questions:

• Are you an admin of MyPocket?
• Could you share the payload of the failing request (it contains information that could help us isolate the root of the issue )

Kind regards,
Morgan

Hi @morganperre ,

Yes, I’m an admin.

Here is a screen copy of the payload.

image1108×224 16.7 KB

Kind regards
Louis-Marie

Hello @Louis-Marie,

I’m able to reproduce.

• The error message is incorrect
• A user with permission level editor Editor, Developer or Administrator should be able to play with SQL charts without any permissions issues. For information, those permissions checks are here to prevent any security breach that can hurt your database (since you can run raw SQL).

You can follow the issue from this tracker:

Kind regards,
Morgan

Hello @Louis-Marie,

It wasn’t an easy task but we release an updated version of forest-express-sequelize (8.5.12) that fixes the issue!

As said earlier, it should have better error messages and you shouldn’t encounter permissions issues when creating or updating a chart.

Let me know if it works for you.

Kind,
Regards

Hi @morganperre

Unfortunately, it appears that I am not able to properly install forest-express-sequelize@8.5.12

I have opened a new ticket: Forest-express missing in subfolder node_modules of forest-express-sequelize@8.5.12

Waiting for this last one to be solved.

Thanks
Louis-Marie

Hi @morganperre

I have finally successfully updated to the last release of forest-express-sequelize@8.5.12

I do not have any more the problem. It is resolved.

However, the Trash icon does not appear to let me delete a chart.
Is it linked to the same issue? or should I open a new one?

Thanks
Louis-Marie

Hello @Louis-Marie,

Real glad to hear that.

You can simply delete a chart in the edit menu. See the screenshot below.

Let me know if it helps.

Kind regards,
Morgan

Hi @morganperre

You can simply delete a chart in the edit menu.

It was not easy to find it
But, that’s fine.

Thank you very much for your help and for the fix

Have a nice week-end.
Kind regards

Louis-marie

I’m gonna make some feedbacks to our team. Thanks for your time.

Have a nice weekend too.

Regards,
Morgan