Query Search, empty page with 403 error #10830

Closed
eugene-belarus opened this issue Sep 10, 2020 · 3 comments · Fixed by #11017
Labels
!deprecated-label:bug Deprecated label - Use #bug instead

Comments

@eugene-belarus

When a user without the can_access_all_queries permission goes to Query Search and filters by user (clicks on his username), a 403 error appears.

Expected results

There's no error.

Actual results

There's an empty page with a 403 status response.

Code

    @has_access
    @expose("/search_queries")
    @event_logger.log_this
    def search_queries(self) -> FlaskResponse:
        query = db.session.query(Query)
        if security_manager.can_access_all_queries():
            search_user_id = request.args.get("user_id")
        elif (
            request.args.get("user_id") is not None
            and request.args.get("user_id") != g.user.get_user_id()
        ):
            return Response(status=403, mimetype="application/json")

I think request.args.get("user_id") returns a string and g.user.get_user_id() returns an integer, thus the 403 error appears.

How to reproduce the bug

  1. Go to Query Search
  2. Click on username without can_access_all_queries permission
  3. See an empty page with 403 error
@eugene-belarus eugene-belarus added the !deprecated-label:bug Deprecated label - Use #bug instead label Sep 10, 2020
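
The type mismatch diagnosed in the report above, reproduced as an added example (not part of the original thread, and not Superset's code or the fix merged in #11017): `check_as_reported` mirrors the posted comparison, and `check_normalized` is one hypothetical way to compare like with like. The function names, status constants and query strings are constructed for illustration.

```python
from typing import Optional
from urllib.parse import parse_qs

OK, BAD_REQUEST, FORBIDDEN = 200, 400, 403


def get_arg(query_string: str, name: str) -> Optional[str]:
    """Stand-in for request.args.get(): a query parameter is a str or None."""
    values = parse_qs(query_string).get(name)
    return values[0] if values else None


def check_as_reported(query_string: str, current_user_id: int, can_access_all: bool) -> int:
    """Same comparison as the snippet in the issue: str != int is always True."""
    if can_access_all:
        return OK
    requested = get_arg(query_string, "user_id")
    if requested is not None and requested != current_user_id:
        return FORBIDDEN  # reached even when the user filters on their own id
    return OK


def check_normalized(query_string: str, current_user_id: int, can_access_all: bool) -> int:
    """Parse the parameter once, strictly, then compare int to int."""
    raw = get_arg(query_string, "user_id")
    if raw is None:
        return OK  # no filter requested
    # Accept plain ASCII digits only, so values such as "7 ", "7_0" or "٧"
    # are rejected instead of being coerced by int().
    if not (raw.isascii() and raw.isdigit()):
        return BAD_REQUEST
    if can_access_all or int(raw) == current_user_id:
        return OK
    return FORBIDDEN


if __name__ == "__main__":
    # Constructed requests: user 7 has no can_access_all_queries permission.
    for qs in ("user_id=7", "user_id=8", "user_id=abc", ""):
        print(repr(qs), check_as_reported(qs, 7, False), check_normalized(qs, 7, False))
```

In this report the mismatch fails closed (a legitimate request is denied); the normalized check still returns 403 for another user's id and rejects malformed ids outright.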
@issue-label-bot

Issue-Label Bot is automatically applying the label #bug to this issue, with a confidence of 0.96. Please mark this comment with 👍 or 👎 to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

@eugene-belarus eugene-belarus changed the title Small logical and UI bugs Query Search, empty page with 403 error Sep 10, 2020
@nytai
Member

nytai commented Sep 23, 2020

@eugene-belarus you were correct -- easy fix

@dpgaspar
Member

Fixed on master
