Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Query Search, empty page with 403 error #10830

Closed
eugene-belarus opened this issue Sep 10, 2020 · 3 comments · Fixed by #11017
Closed

Query Search, empty page with 403 error #10830

eugene-belarus opened this issue Sep 10, 2020 · 3 comments · Fixed by #11017
Labels
!deprecated-label:bug Deprecated label - Use #bug instead

Comments

@eugene-belarus
Copy link

When user without can_access_all_queries permission go to Query Search and filter by user (click on his username) then 403 error appears

Expected results

There's no error.

Actual results

There's a empty page with 403 status response.

Code

@has_access
    @expose("/search_queries")
    @event_logger.log_this
    def search_queries(self) -> FlaskResponse:
        query = db.session.query(Query)
        if security_manager.can_access_all_queries():
            search_user_id = request.args.get("user_id")
        elif (
            request.args.get("user_id") is not None
            and request.args.get("user_id") != g.user.get_user_id()
        ):
            return Response(status=403, mimetype="application/json")

I think request.args.get("user_id") returns string type and g.user.get_user_id() returns integer type thus appears 403 error.

How to reproduce the bug

  1. Go to Query Search
  2. Click on username without can_access_all_queries permission
  3. See a empty page with 403 error
@eugene-belarus eugene-belarus added the !deprecated-label:bug Deprecated label - Use #bug instead label Sep 10, 2020
@issue-label-bot
Copy link

Issue-Label Bot is automatically applying the label #bug to this issue, with a confidence of 0.96. Please mark this comment with 👍 or 👎 to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

@eugene-belarus eugene-belarus changed the title Small logical and UI bugs Query Search, empty page with 403 error Sep 10, 2020
@nytai nytai mentioned this issue Sep 23, 2020
Closed
6 tasks
@nytai
Copy link
Member

nytai commented Sep 23, 2020

@eugene-belarus you were correct -- easy fix

@dpgaspar dpgaspar mentioned this issue Sep 23, 2020
Merged
6 tasks
@dpgaspar
Copy link
Member

Fixed on master

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
!deprecated-label:bug Deprecated label - Use #bug instead
Projects
None yet
Milestone
No milestone
3 participants
@dpgaspar @nytai @eugene-belarus