New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[1.3 beta] Regression: no users list #1608

Closed
pdepaepe opened this Issue Dec 4, 2015 · 4 comments

Comments

Projects
None yet
3 participants
@pdepaepe

pdepaepe commented Dec 4, 2015

Hello,

Currently testing 1.3 beta, i'm not able to get users list page.
On log side, i see:

2015-12-04T15:35:13.134Z ERROR [RestResource] Unable to load role names for role IDs [563c874ee4b001c07c5f02a9, 563c87fae4b001c07c5f0364] for user UserImpl{fields={_id=5640d260e4b02855eda908f6, username=pdepaepe, email=pdepaepe@localhost.com, permissions=[ "users:edit:pdepaepe"], password=xxxxxxxxxx, full_name=pdepaepe's account, roles=[ { "$oid" : "563c874ee4b001c07c5f02a9"} , { "$oid" : "563c87fae4b001c07c5f0364"}]}, id=5640d260e4b02855eda908f6}

When i call GET roles, i don't see 563c874ee4b001c07c5f02a9 and 563c87fae4b001c07c5f0364, so i guess, theses references are stuck in user object ?

PS: roll-backed to 1.2, users are back again

@kroepke kroepke added S1 P1 labels Dec 4, 2015

@kroepke kroepke added this to the 1.3.0 milestone Dec 4, 2015

@kroepke

This comment has been minimized.

Member

kroepke commented Dec 4, 2015

Those IDs should be resolved to proper role names, so the roles call won't show them.

Still the user loading should not fail.

I'll investigate.

@bernd bernd assigned bernd and kroepke and unassigned bernd Dec 6, 2015

@bernd

This comment has been minimized.

Member

bernd commented Dec 6, 2015

There is a regression that the role in the user object does not get deleted when a role is removed via the REST API. This will be fixed.

I can reproduce it with the following steps:

  1. Create new role "Test"
  2. Assign "Test" role to user
  3. Remove "Reader" role from user (only works via API request)
  4. Delete "Test" role via API
  5. Open "System/Users" to reproduce the error
@bernd

This comment has been minimized.

Member

bernd commented Dec 6, 2015

The commands to reproduce the problem.

  1. Create role "Test"
  2. Create user "john" with "Test" as only role
  3. Delete role "Test"
  4. Check "System/Users"

Commands

$ curl -sni -XPOST -d @role-create.json -H Content-Type:application/json localhost:12900/roles
HTTP/1.1 201 Created
Location: http://127.0.0.1:12900/roles/Test
Content-Type: application/json
Transfer-Encoding: chunked

{"name":"Test","description":"A test role","permissions":["*"],"read_only":false}

$ curl -sni -XPOST -d @user-create.json -H Content-Type:application/json localhost:12900/users
HTTP/1.1 201 Created
Location: http://127.0.0.1:12900/users/john
Transfer-Encoding: chunked

$ curl -sni -XDELETE localhost:12900/roles/Test
HTTP/1.1 204 No Content
Transfer-Encoding: chunked

Log

2015-12-06 17:25:02,569 ERROR: org.graylog2.shared.rest.resources.RestResource - Unable to load role names for role IDs [56646137c8309bc1950de228] for user UserImpl{fields={_id=56646153c8309bc1950de247, password=058b45b3403041e0fffb78a5eda83e5b4f6555c7, full_name=John Doe, session_timeout_ms=-1, startpage={ }, permissions=[ "users:edit:john" , "users:passwordchange:john" , "indexercluster:read" , "messagecount:read" , "journal:read" , "inputs:read" , "metrics:read" , "savedsearches:edit" , "fieldnames:read" , "buffers:read" , "system:read" , "savedsearches:create" , "jvmstats:read" , "throughput:read" , "savedsearches:read" , "messages:read"], timezone=Europe/Berlin, roles=[ { "$oid" : "56646137c8309bc1950de228"}], email=john@example.com, username=john}, id=56646153c8309bc1950de247}

role-create.json

{
  "name": "Test",
  "description": "A test role",
  "permissions": ["*"]
}

user-create.json

{
  "username": "john",
  "email": "john@example.com",
  "full_name": "John Doe",
  "password": "123456",
  "permissions": [
    "users:edit:john",
    "users:passwordchange:john",
    "indexercluster:read",
    "messagecount:read",
    "journal:read",
    "inputs:read",
    "metrics:read",
    "savedsearches:edit",
    "fieldnames:read",
    "buffers:read",
    "system:read",
    "savedsearches:create",
    "jvmstats:read",
    "throughput:read",
    "savedsearches:read",
    "messages:read"
  ],
  "timezone": "Europe/Berlin",
  "session_timeout_ms": -1,
  "startpage": {},
  "roles": [
    "Test"
  ]
}

kroepke added a commit that referenced this issue Dec 7, 2015

properly remove roles from users when the role is deleted
 - local admin users are not touched
 - when resolving roles of a user do not throw an exception for missing roles, it prevented the user from being editable
 - integration tests for role removal

fixes #1608

kroepke added a commit that referenced this issue Dec 8, 2015

@bernd bernd closed this in 6bab850 Dec 8, 2015

@bernd

This comment has been minimized.

Member

bernd commented Dec 8, 2015

This will be fixed in the upcoming Graylog 1.3 release. Thank you for the report!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment