Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

工单发起人无权限查看工单 #1881

Closed
jarod opened this issue Sep 27, 2022 · 2 comments
Closed

工单发起人无权限查看工单 #1881

jarod opened this issue Sep 27, 2022 · 2 comments

Comments

@jarod
Copy link

jarod commented Sep 27, 2022

重现步骤

  1. docker-compose方式启动archery 1.9.0
  2. 非管理员帐号提交SQL上线工单

预期外的结果

提交上线工单后,跳转页面(url https://xxx.com/detail/xx/) 403 Forbidden

工单管理员可以看见

恢复到1.8.5版本,新发起的工单正常,用1.9.0版本期间发起的工单还是看不到

估计是1.9.0发起工单的时候,发起人信息存到工单的记录出问题了

日志文本

[2022-09-27 16:48:27,868][MainThread:139910281197376][task_id:django-q][cluster.py:395][ERROR]- Failed [sqlreview-pass-42] - Users matching query does not exist. : Traceback (most recent call last):
  File "/opt/venv4archery/lib/python3.9/site-packages/django_q/cluster.py", line 432, in worker
    res = f(*task["args"], **task["kwargs"])
  File "/opt/archery/sql/notify.py", line 212, in notify_for_audit
    msg_to = [Users.objects.get(username=audit_detail.create_user)]
  File "/opt/venv4archery/lib/python3.9/site-packages/django/db/models/manager.py", line 85, in manager_method
    return getattr(self.get_queryset(), name)(*args, **kwargs)
  File "/opt/venv4archery/lib/python3.9/site-packages/django/db/models/query.py", line 650, in get
    raise self.model.DoesNotExist(
sql.models.Users.DoesNotExist: Users matching query does not exist.

[2022-09-27 16:56:04,625][MainThread:140182566295360][task_id:default][exception_logging_middleware.py:12][ERROR]- Traceback (most recent call last):
  File "/opt/venv4archery/lib/python3.9/site-packages/django/core/handlers/base.py", line 197, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/opt/archery/sql/views.py", line 184, in detail
    raise PermissionDenied
django.core.exceptions.PermissionDenied

版本

1.9.0

部署方式

Docker

是否还有其他可以辅助定位问题的信息?比如数据库版本等
@hhyo
Copy link
Owner

hhyo commented Sep 27, 2022
edited
Loading

看代码是没有保存提交人信息,如果强制指定为登录用户,是不是原来api指定user的就废了@nick2wang

代码内已经指定了engineer_display,看起来通过api创建时指定提交人应该已经失效了

hhyo added a commit that referenced this issue Sep 27, 2022
@hhyo
解决SQL工单提交人信息缺失的问题 fix #1881
c821122
@jarod
Copy link
Author

jarod commented Sep 30, 2022

这个bug可以说导致1.9.0处于不可用的状态,建议迅速发bugfix版本。不发新版本也应该先把1.9.0撤回。

hhyo added a commit that referenced this issue Oct 7, 2022
@hhyo
解决SQL工单提交人信息缺失的问题 fix #1881
af997ec
@hhyo hhyo closed this as completed in cc70b96 Oct 7, 2022
@hhyo hhyo mentioned this issue May 14, 2023
Open
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jarod @hhyo