In my project, the technical DB user (postgresql) is supposed to be read only.
For everything else, POST, PUT, DELETE are dealt with via the API.
Although quite often, I can receive a “permission denied” error even though I don’t “call” FA sequelize.
For instance:
router.post('/integrationDocuments', permissionMiddlewareCreator.create(), (request, response, next) => {
  const recordCreator = new RecordCreator(models.integrationDocuments);
  const data = request.body.data.attributes;
  const place_id = request.body.data.relationships.integration.data.id;

  // file upload
  const fileBody = {
    attachment: {
      image_base: data['Document'],
      source_file_name: data['Nom du doc']
    }
  };
  axios.post(`${API_URL}/forest_admin/attachments`, fileBody, {
    headers: {
      'Authorization': `Bearer ${process.env.ACCESS_TOKEN}`,
      'X-CURRENT-USER-EMAIL': request.user.email
    },
  }).then(attachmentsResponse => {
    // create the integration document through the API, linked to the uploaded attachment
    const body = {
      integration_document: {
        place_id,
        attachment_id: attachmentsResponse.data.id,
        kind: 'other'
      }
    };
    axios.post(`${API_URL}/forest_admin/integration_documents`, body, {
      headers: {
        'Authorization': `Bearer ${process.env.ACCESS_TOKEN}`,
        'X-CURRENT-USER-EMAIL': request.user.email
      }
    }).then(async res => {
      // serialize the API response for Forest Admin
      response.send(await recordCreator.serialize(res));
    }).catch(err => {
      response.status(400).send(err.response.data.error.message);
    });
  }).catch(attachmentsError => {
    response.status(400).send(attachmentsError.response.data.error.message);
  });
});
I receive:
[forest] Unexpected error: permission denied for relation integration_documents
{
  "name": "SequelizeDatabaseError",
  "parent": {
    "length": 112,
    "name": "error",
    "severity": "ERROR",
    "code": "42501",
    "file": "aclchk.c",
    "line": "3411",
    "routine": "aclcheck_error",
    "sql": "UPDATE \"public\".\"integration_documents\" SET \"place_id\"=$1,\"updated_at\"=$2 WHERE \"id\" IN (NULL)"
  },
  "original": {
    "length": 112,
    "name": "error",
    "severity": "ERROR",
    "code": "42501",
    "file": "aclchk.c",
    "line": "3411",
    "routine": "aclcheck_error",
    "sql": "UPDATE \"public\".\"integration_documents\" SET \"place_id\"=$1,\"updated_at\"=$2 WHERE \"id\" IN (NULL)"
  },
  "sql": "UPDATE \"public\".\"integration_documents\" SET \"place_id\"=$1,\"updated_at\"=$2 WHERE \"id\" IN (NULL)",
  "stack": "SequelizeDatabaseError: permission denied for relation integration_documents\n at Query.formatError (C:\\Users\\jvollant\\WebDev\\Syndic One Rebirth\\node_modules\\sequelize\\lib\\dialects\\postgres\\query.js:354:16)\n at C:\\Users\\jvollant\\WebDev\\Syndic One Rebirth\\node_modules\\sequelize\\lib\\dialects\\postgres\\query.js:71:18\n at tryCatcher (C:\\Users\\jvollant\\WebDev\\Syndic One Rebirth\\node_modules\\bluebird\\js\\release\\util.js:16:23)\n at Promise._settlePromiseFromHandler (C:\\Users\\jvollant\\WebDev\\Syndic One Rebirth\\node_modules\\bluebird\\js\\release\\promise.js:547:31)\n at Promise._settlePromise (C:\\Users\\jvollant\\WebDev\\Syndic One Rebirth\\node_modules\\bluebird\\js\\release\\promise.js:604:18)\n at Promise._settlePromise0 (C:\\Users\\jvollant\\WebDev\\Syndic One Rebirth\\node_modules\\bluebird\\js\\release\\promise.js:649:10)\n at Promise._settlePromises (C:\\Users\\jvollant\\WebDev\\Syndic One Rebirth\\node_modules\\bluebird\\js\\release\\promise.js:725:18)\n at _drainQueueStep (C:\\Users\\jvollant\\WebDev\\Syndic One Rebirth\\node_modules\\bluebird\\js\\release\\async.js:93:12)\n at _drainQueue (C:\\Users\\jvollant\\WebDev\\Syndic One Rebirth\\node_modules\\bluebird\\js\\release\\async.js:86:9)\n at Async._drainQueues (C:\\Users\\jvollant\\WebDev\\Syndic One Rebirth\\node_modules\\bluebird\\js\\release\\async.js:102:5)\n at Immediate.Async.drainQueues [as _onImmediate] (C:\\Users\\jvollant\\WebDev\\Syndic One Rebirth\\node_modules\\bluebird\\js\\release\\async.js:15:14)\n at processImmediate (internal/timers.js:456:21)"
}
I don’t understand why FA performs an
UPDATE \"public\".\"integration_documents\" SET \"place_id\"=$1,\"updated_at\"=$2 WHERE \"id\" IN (NULL)
since I call my API to do that.