Role can't access record read detail configured

Feature(s) impacted

Roles

Observed behavior

We have created a new role with full read/write access to one specific table. When we assign that role to certain users then they can list the items in that table, but they can’t see the details of a given row.

Expected behavior

The user should be able to see the details.

Context

  • Project name: Brxs
  • Team name: Operations
  • Environment name: Production

This problem is for the role “Marketing”

Hey @timothyarmes :wave:

Could you confirm the project name?
Also, according to the multiple projects I can find, I can’t spot any roles, so the project name will be valuable in order to help. Thanks :pray:

Hi,

I’ve updated my post to reflect the correct capitalisation (Brxs)

Thanks, I can now see your role configuration.

Could you also share:

  • A user name that can’t access the details information?
  • The specific collection you set the role up on?

Feel free to reach me by DM if you consider those private.

Thanks in advance :pray:

Hello @timothyarmes

I could not reproduce the bug on my end and your configuration appears to be correct.

Could you share your production agent server logs?

Restarting your production agent server may also help.

Thanks :pray:

Hello @timothyarmes,

As @jeffladiray mentioned, could you share with us:

  • A collection (table) name where you encounter the issue?
  • A screencast of the bug encountered?

It would help us reproduce the issue / solve your case.
Thanks!

Hi,

Sorry for the delay.

The collection is called Promocodes. In the video you can see that I’m logged in using a test account (Testy Tim) which has the Marketing role. As such, I can see the collection. However, I can’t see the details when I click.

FA_Bug.tar (946.2 KB)

I’m happy to do a zoom session with a developer to demo the issue live.

P.S. Could you allow uploading of .mov and .zip files here?

Hi @timothyarmes,

Thanks a lot for your details.

Indeed, from what I can see, you should be able to see the details of this record.

Do you have any error in your browser console? In your server?
Can you see the number of records on the Promocodes list? Or is it hidden and the pagination shows 1 of 0?

Thanks.

@timothyarmes,

Also, if that’s something doable on your side, I will be interested in seeing the result of the call on your user:
In the browser console, in the Network tab, the result of the call to https://app.forestadmin.com/api/users?id=[your-user-id]&include=role&projectId=[project-id], and especially the permissions associated with the current environment and the promocodes collection.

Something like this:

Hi,

It does see the correct number of records and shows page 1/1.

Here’s the console error when trying to view a record:

chunk.8.bd8e8ba….js:1 GET https://fa.brxsapp.com/forest/promocodes/7b9fc372-5b71-4b2a-bc67-26f1bc4b1c3d?timezone=Europe%2FParis 403

11:09:53.953

chunk.8.bd8e8ba….js:1 [forest] 🌳🌳🌳 Unexpected error in details view:

1. n {isAdapterError: true, stack: 'Error: Ember Data Request GET https://fa.brxsapp.c…m/assets/chunk.8.bd8e8ba96866ab6bafcd.js:1:47562)', description: undefined, fileName: undefined, lineNumber: undefined, …}

  1. description: undefined
  2. errors: Array(1)

    1. 0:

      1. detail: "Forbidden"
      2. name: "ForbiddenError"
      3. status: 403
      4. [[Prototype]]: Object

    2. length: 1
    3. []: (...)
    4. firstObject: (...)
    5. hasArrayObservers: (...)
    6. lastObject: (...)
    7. [[Prototype]]: Array(0)

  3. fileName: undefined
  4. isAdapterError: true
  5. lineNumber: undefined
  6. message: "Ember Data Request GET https://fa.brxsapp.com/forest/promocodes/7b9fc372-5b71-4b2a-bc67-26f1bc4b1c3d returned a 403\nPayload (application/json; charset=utf-8)\n[object Object]"
  7. name: "Error"
  8. number: undefined
  9. stack: "Error: Ember Data Request GET https://fa.brxsapp.com/forest/promocodes/7b9fc372-5b71-4b2a-bc67-26f1bc4b1c3d returned a 403\nPayload (application/json; charset=utf-8)\n[object Object]\n at n.i (https://app.forestadmin.com/assets/vendor-5ed7990a316446b58c5ac6ae987f51ea.js:158:229581)\n at new n (https://app.forestadmin.com/assets/vendor-5ed7990a316446b58c5ac6ae987f51ea.js:158:230339)\n at b.handleResponse (https://app.forestadmin.com/assets/vendor-5ed7990a316446b58c5ac6ae987f51ea.js:158:236678)\n at b.handleResponse (https://app.forestadmin.com/assets/client-8de26bba69d386698806f1b376c72e0f.js:1:3928609)\n at x (https://app.forestadmin.com/assets/vendor-5ed7990a316446b58c5ac6ae987f51ea.js:158:241065)\n at https://app.forestadmin.com/assets/vendor-5ed7990a316446b58c5ac6ae987f51ea.js:158:237743\n at b.s.Promise.u.error (https://app.forestadmin.com/assets/vendor-5ed7990a316446b58c5ac6ae987f51ea.js:158:237754)\n at l (https://app.forestadmin.com/assets/vendor-5ed7990a316446b58c5ac6ae987f51ea.js:48:24786)\n at Object.fireWith [as rejectWith] (https://app.forestadmin.com/assets/vendor-5ed7990a316446b58c5ac6ae987f51ea.js:48:25534)\n at k (https://app.forestadmin.com/assets/vendor-5ed7990a316446b58c5ac6ae987f51ea.js:48:76509)\n at XMLHttpRequest.<anonymous> (https://app.forestadmin.com/assets/vendor-5ed7990a316446b58c5ac6ae987f51ea.js:48:78952)\n at XMLHttpRequest.r (https://app.forestadmin.com/assets/chunk.8.bd8e8ba96866ab6bafcd.js:1:47562)"
  10. [[Prototype]]: Error

    1. code: "ForbiddenError"

Here’s the requested result of the GET:

{"included":[{"type":"roles","id":"3467","attributes":{"name":"Marketing","created_at":"2022-01-10T14:19:02.313Z","permissions":{"environments":[{"enabled":true,"collections":[{"addEnabled":false,"editEnabled":false,"readEnabled":false,"smartActions":[{"triggerEnabled":false,"smartActionName":"Upload Property Photo(s)","approvalRequired":false,"selfApprovalEnabled":false,"userApprovalEnabled":false}],"browseEnabled":false,"deleteEnabled":false,"exportEnabled":false,"collectionName":"properties"},{"addEnabled":false,"editEnabled":false,"readEnabled":false,"smartActions":[],"browseEnabled":false,"deleteEnabled":false,"exportEnabled":false,"collectionName":"transactions"},{"addEnabled":true,"editEnabled":true,"readEnabled":true,"smartActions":[],"browseEnabled":true,"deleteEnabled":true,"exportEnabled":true,"collectionName":"promocodes"},{"addEnabled":false,"editEnabled":false,"readEnabled":false,"smartActions":[{"triggerEnabled":false,"smartActionName":"Import pre-signup users","approvalRequired":false,"selfApprovalEnabled":false,"userApprovalEnabled":false}],"browseEnabled":true,"deleteEnabled":false,"exportEnabled":false,"collectionName":"preSignupUsers"},{"addEnabled":false,"editEnabled":false,"readEnabled":false,"smartActions":[],"browseEnabled":false,"deleteEnabled":false,"exportEnabled":false,"collectionName":"users"},{"addEnabled":false,"editEnabled":false,"readEnabled":false,"smartActions":[],"browseEnabled":true,"deleteEnabled":false,"exportEnabled":false,"collectionName":"credits"},{"addEnabled":false,"editEnabled":false,"readEnabled":false,"smartActions":[],"browseEnabled":false,"deleteEnabled":false,"exportEnabled":false,"collectionName":"property_stats"},{"addEnabled":false,"editEnabled":false,"readEnabled":false,"smartActions":[],"browseEnabled":false,"deleteEnabled":false,"exportEnabled":false,"collectionName":"propertyNeighbourhoods"},{"addEnabled":false,"editEnabled":false,"readEnabled":false,"smartActions":[],"browseEnabled":false,"deleteEnabled":fal
se,"exportEnabled":false,"collectionName":"neighbourhoods"},{"addEnabled":false,"editEnabled":false,"readEnabled":false,"smartActions":[],"browseEnabled":false,"deleteEnabled":false,"exportEnabled":false,"collectionName":"neighbourhoodPriceHistory"},{"addEnabled":false,"editEnabled":false,"readEnabled":false,"smartActions":[],"browseEnabled":false,"deleteEnabled":false,"exportEnabled":false,"collectionName":"photos"},{"addEnabled":false,"editEnabled":false,"readEnabled":false,"smartActions":[],"browseEnabled":false,"deleteEnabled":false,"exportEnabled":false,"collectionName":"migrations"}],"environmentId":84105},{"enabled":false,"collections":[{"addEnabled":false,"editEnabled":false,"readEnabled":false,"smartActions":[{"triggerEnabled":false,"smartActionName":"Delete User","approvalRequired":false,"selfApprovalEnabled":false,"userApprovalEnabled":false}],"browseEnabled":false,"deleteEnabled":false,"exportEnabled":false,"collectionName":"users"},{"addEnabled":false,"editEnabled":false,"readEnabled":false,"smartActions":[{"triggerEnabled":false,"smartActionName":"Upload Property Photo(s)","approvalRequired":false,"selfApprovalEnabled":false,"userApprovalEnabled":false}],"browseEnabled":false,"deleteEnabled":false,"exportEnabled":false,"collectionName":"properties"},{"addEnabled":false,"editEnabled":false,"readEnabled":false,"smartActions":[],"browseEnabled":false,"deleteEnabled":false,"exportEnabled":false,"collectionName":"transactions"},{"addEnabled":true,"editEnabled":true,"readEnabled":true,"smartActions":[],"browseEnabled":true,"deleteEnabled":true,"exportEnabled":true,"collectionName":"promocodes"},{"addEnabled":false,"editEnabled":false,"readEnabled":false,"smartActions":[{"triggerEnabled":false,"smartActionName":"Import pre-signup 
users","approvalRequired":false,"selfApprovalEnabled":false,"userApprovalEnabled":false}],"browseEnabled":true,"deleteEnabled":false,"exportEnabled":false,"collectionName":"preSignupUsers"},{"addEnabled":false,"editEnabled":false,"readEnabled":false,"smartActions":[],"browseEnabled":true,"deleteEnabled":false,"exportEnabled":false,"collectionName":"credits"},{"addEnabled":false,"editEnabled":false,"readEnabled":false,"smartActions":[],"browseEnabled":false,"deleteEnabled":false,"exportEnabled":false,"collectionName":"property_stats"},{"addEnabled":false,"editEnabled":false,"readEnabled":false,"smartActions":[],"browseEnabled":false,"deleteEnabled":false,"exportEnabled":false,"collectionName":"propertyNeighbourhoods"},{"addEnabled":false,"editEnabled":false,"readEnabled":false,"smartActions":[],"browseEnabled":false,"deleteEnabled":false,"exportEnabled":false,"collectionName":"neighbourhoods"},{"addEnabled":false,"editEnabled":false,"readEnabled":false,"smartActions":[],"browseEnabled":false,"deleteEnabled":false,"exportEnabled":false,"collectionName":"neighbourhoodPriceHistory"},{"addEnabled":false,"editEnabled":false,"readEnabled":false,"smartActions":[],"browseEnabled":false,"deleteEnabled":false,"exportEnabled":false,"collectionName":"photos"},{"addEnabled":false,"editEnabled":false,"readEnabled":false,"smartActions":[],"browseEnabled":false,"deleteEnabled":false,"exportEnabled":false,"collectionName":"migrations"}],"environmentId":84113}]}}}],"data":{"type":"users","id":"64508","attributes":{"first_name":"Testy","last_name":"Tim","username":"testytim","email":"<snip>@gmail.com","permission_level":"editor","permissions":["createApproval","listApprovals","countApprovals","exportApprovals","createActivityLog","listActivityLog","getBilling","listColumnForCollection","listColumnForSegment","listCollectionCustomActions","getCustomAction","listEnvironments","getEnvironment","getGuest","updateGuest","getLayout","updateLayout","listMessage","createMessage","updateMessage
","removeMessage","listUserNotes","listUsersMentions","listCollectionNotes","createNote","updateNote","removeNote","resetPassword","listProjects","getProject","createProject","getProjectDevelopmentEnvironments","listEnvironmentRenderings","listTeamRenderings","getRendering","listRole","getTeamFromUser","listProjectUsers","listMentionables","listTeamUsers","listViews","getView","uploadView","listWidgets","getLayoutChangesCount","checkProjectExistence","getQuickTour","updateQuickTour","checkReviewExistance"],"created_at":"2022-01-31T14:51:46.999Z","tags":[],"two_factor_authentication_active":false,"has_password":true,"is_sso_account_only":false,"is_blocked":false},"relationships":{"role":{"data":{"type":"roles","id":"3467"}},"projects":{"data":[{"type":"projects","id":"74899"}]},"teams":{"links":{"related":"/api/users/64508/teams"}}}}}

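Added example (not part of the original thread, and not Forest Admin's own code): one way to read a role's decision for a collection out of a response shaped like the one posted above. The sample object is trimmed and constructed from that payload's field names, and the action-to-flag mapping (details to readEnabled, list to browseEnabled) is an assumption inferred from those names.

```javascript
// Constructed, trimmed sample in the shape of the users?include=role response above.
const sample = {
  included: [{ type: 'roles', id: '3467', attributes: { name: 'Marketing',
    permissions: { environments: [
      { enabled: true, environmentId: 84105, collections: [
        { collectionName: 'promocodes', browseEnabled: true, readEnabled: true },
        { collectionName: 'credits', browseEnabled: true, readEnabled: false }] },
      { enabled: false, environmentId: 84113, collections: [
        { collectionName: 'promocodes', browseEnabled: true, readEnabled: true }] },
    ] } } }],
  data: { type: 'users', id: '64508',
    relationships: { role: { data: { type: 'roles', id: '3467' } } } },
};

// Assumption: UI action -> role flag, inferred from the flag names in the payload.
const FLAG_FOR_ACTION = { list: 'browseEnabled', details: 'readEnabled',
  add: 'addEnabled', edit: 'editEnabled', delete: 'deleteEnabled', export: 'exportEnabled' };

// Resolve the role the user points at through the JSON:API relationship.
function findRole(response) {
  const ref = response?.data?.relationships?.role?.data;
  if (!ref) return null;
  return (response.included || []).find(r => r.type === ref.type && r.id === ref.id) || null;
}

function environmentsOf(response) {
  return findRole(response)?.attributes?.permissions?.environments || [];
}

// One row per environment: does the role grant `action` on `collection`?
function roleDecision(response, collection, action) {
  const flag = FLAG_FOR_ACTION[action];
  if (!flag) throw new Error(`unknown action: ${action}`);
  return environmentsOf(response).map(env => {
    const col = (env.collections || []).find(c => c.collectionName === collection);
    return { environmentId: env.environmentId, environmentEnabled: env.enabled === true,
      granted: Boolean(col && col[flag] === true) }; // absent entry or flag: not granted
  });
}

// Collections a role can list but not open in one environment.
function listOnlyCollections(response, environmentId) {
  const env = environmentsOf(response).find(e => e.environmentId === environmentId);
  return (env?.collections || [])
    .filter(c => c.browseEnabled === true && c.readEnabled !== true)
    .map(c => c.collectionName);
}

console.log(roleDecision(sample, 'promocodes', 'details'));
console.log(listOnlyCollections(sample, 84105));
```

When the role grants details for the collection and the request still comes back 403, the refusal is coming from the agent rather than from the role payload the browser received.
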
Thanks @timothyarmes! :pray:

Ok, so the browser is receiving the correct permissions.
However, it seems like your forest agent is returning a 403 when being asked for the record details :thinking:

Can you see any error log on your forest agent when trying to access this record?
Did you override this GET route of one promocode?
Can you check that you have the permissionMiddleware.details() as a middleware of the route?
If you didn’t touch it, it should look something like this:

Hi,

It’s suddenly started working. Did you change something?

Hi @timothyarmes,

No we didn’t change anything :thinking: That’s strange.

Did you, on your agent? Or maybe just restarted it?

So, looking at the logs I saw a Forbidden access to a completely different collection. As a test, I allowed access to that collection and tried again, and I could then access the promocodes collection as expected.

I then removed the access to the irrelevant collection, but I found that I still had access to the promo code collection! Hence I thought that maybe you had changed something else.

I’m waiting to see if the other users now have access…

@timothyarmes ok strange :thinking:

Let me know if everything is working as expected now.

Hi,

Well, the other accounts with this role still can’t access the details page! This is all really strange.

Ok, so with the other accounts you can see some 403 logs in your agent?
Do they contain any details?

Hello @timothyarmes,

Any news on this topic? :roll_eyes:

Thanks!