Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unauthorized access to Data > Processing #6312

Closed
yassine-ouaamou opened this issue Mar 11, 2024 · 3 comments · Fixed by #6340
Closed

Unauthorized access to Data > Processing #6312

yassine-ouaamou opened this issue Mar 11, 2024 · 3 comments · Fixed by #6340
Assignees
@SouadHadjiat
Labels
bug use for describing something not working as expected critical use to identify critical bug to fix ASAP solved use to identify issue that has been solved (must be linked to the solving PR)
Milestone
Release 6.0.7

Comments

@yassine-ouaamou
Copy link
Member

Description

Environment

Testing

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Create a role with the following capabilities:
    image
  2. Create a group and give it the previously created role
  3. Update or create a user with the previously created group
  4. Log in with the user
  5. Go to Data > Processing

Expected Output

? (probably we should not see "Processing" in the menu

Actual Output

Unauthorized! Redirected to the login page

Additional information

Other related issues:

  • Error when accessing Data > Entities. The result of the GraphQL call includes the following error:
    { "message": "Invalid loading of batched element", "name": "UNSUPPORTED_ERROR", "time_thrown": "2024-03-11T19:48:38.828Z", "data": { "http_status": 500, "genre": "BUSINESS", "id": "bf567425-223f-49d6-8462-85a84f3e0963" } },
  • When accessing Data > Import, the links of the enabled Import connectors should be Idle. They are active and we are redirected to the login screen when clicked.

Sorry for adding these two related issues to the main one. I can create new ones if needed

Screenshots (optional)
@yassine-ouaamou yassine-ouaamou added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Mar 11, 2024
@SamuelHassine SamuelHassine added this to the Release 6.0.6 milestone Mar 11, 2024
@Jipegien Jipegien modified the milestones: Release 6.0.6, Release 6.0.7 Mar 12, 2024
@nino-filigran
Copy link

@yassine-ouaamou I'm confused: if your user has the right "manage CSV mappers", then it's normal that the users sees processing.

What's not normal however is that the user does not have access to processing (and therefore CSV mapper) since the user should be able to modify it.

@nino-filigran nino-filigran added critical use to identify critical bug to fix ASAP and removed needs triage use to identify issue needing triage from Filigran Product team labels Mar 13, 2024
@SouadHadjiat SouadHadjiat self-assigned this Mar 13, 2024
@yassine-ouaamou
Copy link
Member Author

@yassine-ouaamou I'm confused: if your user has the right "manage CSV mappers", then it's normal that the users sees processing.

What's not normal however is that the user does not have access to processing (and therefore CSV mapper) since the user should be able to modify it.

Indeed, the user has the right to the CSV mappers page (if accessed directly through the link). The issue is that when we click on Processing, we are directed to Automation which they don't have access to.

SouadHadjiat added a commit that referenced this issue Mar 13, 2024
@SouadHadjiat
[frontend] Fix unauthorized access to Data > Processing (#6312)
662a09f
@SouadHadjiat SouadHadjiat linked a pull request Mar 13, 2024 that will close this issue
[frontend] Fix Data > Ingestion and Processing menus access (#6312) (#6328) (#6329) #6340
Merged
5 tasks
@SouadHadjiat SouadHadjiat mentioned this issue Mar 13, 2024
Merged
5 tasks
@nino-filigran
Copy link

@SouadHadjiat could these bugs also be linked? Basically the user sees some items in the left navigation menu that should not be visible given to its rights.
#6328
#6329

@SouadHadjiat SouadHadjiat mentioned this issue Mar 14, 2024
Closed
SouadHadjiat added a commit that referenced this issue Mar 14, 2024
@SouadHadjiat
[frontend] Fix Data > Ingestion and Processing menus access (#6312) (#…
7b2a771 
…6328) (#6329)
@SouadHadjiat SouadHadjiat added the solved use to identify issue that has been solved (must be linked to the solving PR) label Mar 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@SouadHadjiat SouadHadjiat

Labels
bug use for describing something not working as expected critical use to identify critical bug to fix ASAP solved use to identify issue that has been solved (must be linked to the solving PR)
Projects
None yet
Milestone
Release 6.0.7
5 participants
@SouadHadjiat @SamuelHassine @yassine-ouaamou @Jipegien @nino-filigran