Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ForbiddenException on v2 resource creation #1104

Closed
gfoo opened this Issue Dec 6, 2018 · 10 comments

Comments

Projects
None yet
3 participants
@gfoo
Copy link

commented Dec 6, 2018

Hello,
I have this error when I try to create a resource using http://localhost:3333/v2/resources API (using Bearer token) while it works with Salsah 1 (I presume using v1 API) :

{
    "error": "org.knora.webapi.ForbiddenException: User gilles.faucherand@unil.ch does not have permissions to create a resource in project <http://rdfh.ch/projects/0113>"
}

A little bit boring to provide you ontology and so on, could you quick check if there is maybe something wrong with with my following data ? or with create resource v1/v2 API ? :

{
    "@type": "onto:Collection",
    "rdfs:label": "Test",
    "knora-api:attachedToProject": {
        "@id": "http://rdfh.ch/projects/0113"
    },
    "onto:collectionHasTitle": {
        "@type": "knora-api:TextValue",
        "knora-api:valueAsString": "Test"
    },
    "onto:collectionHasUrlElement": {
        "@type": "knora-api:TextValue",
        "knora-api:valueAsString": "test"
    },
    "onto:hasDiffusionType": {
        "@type": "knora-api:BooleanValue",
        "knora-api:booleanValueAsBoolean": false
    },
    "onto:hasOwnerValue": {
        "@type": "knora-api:LinkValue",
        "knora-api:linkValueHasTargetIri": {
            "@id": "http://rdfh.ch/0113/x-I6cMsjSp65NpzPAMytrw"
        }
    },
    "@context": {
        "rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
        "rdfs": "http://www.w3.org/2000/01/rdf-schema#",
        "xsd": "http://www.w3.org/2001/XMLSchema#",
        "knora-api": "http://api.knora.org/ontology/knora-api/v2#",
        "onto": "http://0.0.0.0:3333/ontology/0113/lumieres-lausanne/v2#"
    }
}

thanks

@gfoo gfoo added the API v2 label Dec 6, 2018

@benjamingeer

This comment has been minimized.

Copy link
Collaborator

commented Dec 6, 2018

Are you sure you have given yourself permission to create a resource in that project?

@gfoo

This comment has been minimized.

Copy link
Author

commented Dec 6, 2018

yes, but anyway I'm preparing a test case for this afternoon, you could try to reproduce.

@gfoo

This comment has been minimized.

Copy link
Author

commented Dec 6, 2018

@benjamingeer

This comment has been minimized.

Copy link
Collaborator

commented Dec 6, 2018

@subotic could you possibly have a look at this?

@subotic

This comment has been minimized.

Copy link
Member

commented Dec 6, 2018

Yes, creating a test case inside Knora.

@subotic

This comment has been minimized.

Copy link
Member

commented Dec 6, 2018

I think I have found one error, but still not working.

# Administrative Permissions on Administrator group
<http://rdfh.ch/permissions/0113/lumieres-lausanne-a006> rdf:type knora-base:AdministrativePermission ;
                      knora-base:forProject <http://rdfh.ch/projects/0113> ;
                      knora-base:forGroup <http://rdfh.ch/groups/0113/lumieres-lausanne-administrator> ;
                      knora-base:hasPermissions "ProjectResourceCreateRestrictedPermission http://www.knora.org/ontology/0113/lumieres-lausanne#AdditionalResource,http://www.knora.org/ontology/0113/lumieres-lausanne#AdditionalResourceRestricted,http://www.knora.org/ontology/0113/lumieres-lausanne#BibliographicNotice,http://www.knora.org/ontology/0113/lumieres-lausanne#Collection,http://www.knora.org/ontology/0113/lumieres-lausanne#CollectionRestricted,http://www.knora.org/ontology/0113/lumieres-lausanne#Contribution,http://www.knora.org/ontology/0113/lumieres-lausanne#Dissemination,http://www.knora.org/ontology/0113/lumieres-lausanne#DraftBibliographicNotice,http://www.knora.org/ontology/0113/lumieres-lausanne#DraftPerson,http://www.knora.org/ontology/0113/lumieres-lausanne#Document,http://www.knora.org/ontology/0113/lumieres-lausanne#Finding,http://www.knora.org/ontology/0113/lumieres-lausanne#FreeContent,http://www.knora.org/ontology/0113/lumieres-lausanne#Image,http://www.knora.org/ontology/0113/lumieres-lausanne#News,http://www.knora.org/ontology/0113/lumieres-lausanne#Note,http://www.knora.org/ontology/0113/lumieres-lausanne#NoteRestricted,http://www.knora.org/ontology/0113/lumieres-lausanne#Person,http://www.knora.org/ontology/0113/lumieres-lausanne#Position,http://www.knora.org/ontology/0113/lumieres-lausanne#Project,http://www.knora.org/ontology/0113/lumieres-lausanne#Relationship,http://www.knora.org/ontology/0113/lumieres-lausanne#SocietyMembership,http://www.knora.org/ontology/0113/lumieres-lausanne#Transcription,http://www.knora.org/ontology/0113/lumieres-lausanne#TranscriptionRestricted,http://www.knora.org/ontology/0113/lumieres-lausanne#User"^^xsd:string .

I've added the http://www.knora.org/ontology/0113/lumieres-lausanne#User resource type the group. But it still does not work.

@subotic

This comment has been minimized.

Copy link
Member

commented Dec 6, 2018

I've opened a PR with the test added, which still fails.

@subotic subotic added the bug label Dec 6, 2018

@subotic subotic added this to the 2018.12 milestone Dec 6, 2018

@benjamingeer

This comment has been minimized.

@benjamingeer

This comment has been minimized.

Copy link
Collaborator

commented Dec 6, 2018

I guess the exception's message should include of class ${createResourceRequestV2.createResource.resourceClassIri}.

@gfoo

This comment has been minimized.

Copy link
Author

commented Dec 7, 2018

I think I have found one error, but still not working.

# Administrative Permissions on Administrator group
<http://rdfh.ch/permissions/0113/lumieres-lausanne-a006> rdf:type knora-base:AdministrativePermission ;
                      knora-base:forProject <http://rdfh.ch/projects/0113> ;
                      knora-base:forGroup <http://rdfh.ch/groups/0113/lumieres-lausanne-administrator> ;
                      knora-base:hasPermissions "ProjectResourceCreateRestrictedPermission http://www.knora.org/ontology/0113/lumieres-lausanne#AdditionalResource,http://www.knora.org/ontology/0113/lumieres-lausanne#AdditionalResourceRestricted,http://www.knora.org/ontology/0113/lumieres-lausanne#BibliographicNotice,http://www.knora.org/ontology/0113/lumieres-lausanne#Collection,http://www.knora.org/ontology/0113/lumieres-lausanne#CollectionRestricted,http://www.knora.org/ontology/0113/lumieres-lausanne#Contribution,http://www.knora.org/ontology/0113/lumieres-lausanne#Dissemination,http://www.knora.org/ontology/0113/lumieres-lausanne#DraftBibliographicNotice,http://www.knora.org/ontology/0113/lumieres-lausanne#DraftPerson,http://www.knora.org/ontology/0113/lumieres-lausanne#Document,http://www.knora.org/ontology/0113/lumieres-lausanne#Finding,http://www.knora.org/ontology/0113/lumieres-lausanne#FreeContent,http://www.knora.org/ontology/0113/lumieres-lausanne#Image,http://www.knora.org/ontology/0113/lumieres-lausanne#News,http://www.knora.org/ontology/0113/lumieres-lausanne#Note,http://www.knora.org/ontology/0113/lumieres-lausanne#NoteRestricted,http://www.knora.org/ontology/0113/lumieres-lausanne#Person,http://www.knora.org/ontology/0113/lumieres-lausanne#Position,http://www.knora.org/ontology/0113/lumieres-lausanne#Project,http://www.knora.org/ontology/0113/lumieres-lausanne#Relationship,http://www.knora.org/ontology/0113/lumieres-lausanne#SocietyMembership,http://www.knora.org/ontology/0113/lumieres-lausanne#Transcription,http://www.knora.org/ontology/0113/lumieres-lausanne#TranscriptionRestricted,http://www.knora.org/ontology/0113/lumieres-lausanne#User"^^xsd:string .

I've added the http://www.knora.org/ontology/0113/lumieres-lausanne#User resource type the group. But it still does not work.

yes you're right, added this class after having defined the permissions, forgot to update. thx.

@benjamingeer benjamingeer assigned benjamingeer and unassigned subotic Dec 10, 2018

@benjamingeer benjamingeer referenced this issue Dec 10, 2018

Open

Ben's issue queue #571

77 of 92 tasks complete

benjamingeer added a commit that referenced this issue Dec 12, 2018

benjamingeer added a commit that referenced this issue Dec 12, 2018

test (webapi): add lumieres lausanne tests (#1109)
* test (webapi): add lumieres lausanne test data

* test (webapi): add lumieres lausanne test data

* test (webapi): add lumieres lausanne test data

* test (webapi): update restricted permission for lumieres lausanne group

* feature (ResourcesResponderV2): Clarify permission error message.

* test (ResourcesResponderV2): Add debugging code.

* test (webapi): add permissions tests

* fix (ResourcesResponderV2): Fix #1104.

* docs (release-notes): Update release notes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.