Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Autocompleting POI address not working for non-staff users #1777

Closed
timobrembeck opened this issue Oct 18, 2022 · 0 comments · Fixed by #1783
Closed

Autocompleting POI address not working for non-staff users #1777

timobrembeck opened this issue Oct 18, 2022 · 0 comments · Fixed by #1783
Assignees
@seluianova
Labels
🍼 good first issue Good for newcomers ‼️ prio: high Needs to be resolved ASAP. 🐛 bug Something isn't working ☺️ effort: low Should be doable in <4h
Milestone
22Q4

Comments

@timobrembeck
Copy link
Member

timobrembeck commented Oct 18, 2022
edited

Describe the Bug

At the moment, the auto completion feature introduced in #1744 does only work for staff users.

Steps to Reproduce

  1. Login as non staff user
  2. Try to autocomplete POI address
  3. See error in JS and Django console

Expected Behavior

The address completion should also work for non staff users.
To solve this, the region_slug parameter needs to be passed to the view, even if it's unused.
(Because our access control treats all views without the region_slug parameter as "staff area" and denies region users to access them.)

Actual Behavior

A PermissionDenied error occurs

Additional Information

At least the error is not caught in the JS code, so there is no error message shown to users, but the feature just doesn't work.

Traceback 
Oct 18 06:50:51 WARNING django.request - 403 Forbidden (Permission denied): /ajax/locations/auto-complete-address/
Traceback (most recent call last):
File "/opt/integreat-cms/.venv/lib/python3.9/site-packages/django/core/handlers/exception.py", line 47, in inner
  response = get_response(request)
File "/opt/integreat-cms/.venv/lib/python3.9/site-packages/integreat_cms/core/middleware/access_control_middleware.py", line 67, in __call__
  raise PermissionDenied(
django.core.exceptions.PermissionDenied: <SimpleLazyObject: <User (id: 930, username: maucher, role: Management, region: lkmuenchen)>> does not have the permission to access the staff area
Oct 18 06:50:54 WARNING django.request - 403 Forbidden (Permission denied): /ajax/locations/auto-complete-address/
Traceback (most recent call last):
File "/opt/integreat-cms/.venv/lib/python3.9/site-packages/django/core/handlers/exception.py", line 47, in inner
  response = get_response(request)
File "/opt/integreat-cms/.venv/lib/python3.9/site-packages/integreat_cms/core/middleware/access_control_middleware.py", line 67, in __call__
  raise PermissionDenied(
django.core.exceptions.PermissionDenied: <SimpleLazyObject: <User (id: 930, username: maucher, role: Management, region: lkmuenchen)>> does not have the permission to access the staff area
Oct 18 06:58:34 WARNING django.request - 403 Forbidden (Permission denied): /ajax/locations/auto-complete-address/
Traceback (most recent call last):
File "/opt/integreat-cms/.venv/lib/python3.9/site-packages/django/core/handlers/exception.py", line 47, in inner
  response = get_response(request)
File "/opt/integreat-cms/.venv/lib/python3.9/site-packages/integreat_cms/core/middleware/access_control_middleware.py", line 67, in __call__
  raise PermissionDenied(
django.core.exceptions.PermissionDenied: <SimpleLazyObject: <User (id: 930, username: maucher, role: Management, region: lkmuenchen)>> does not have the permission to access the staff area
Oct 18 06:58:35 WARNING django.request - 403 Forbidden (Permission denied): /ajax/locations/auto-complete-address/
Traceback (most recent call last):
File "/opt/integreat-cms/.venv/lib/python3.9/site-packages/django/core/handlers/exception.py", line 47, in inner
  response = get_response(request)
File "/opt/integreat-cms/.venv/lib/python3.9/site-packages/integreat_cms/core/middleware/access_control_middleware.py", line 67, in __call__
  raise PermissionDenied(
django.core.exceptions.PermissionDenied: <SimpleLazyObject: <User (id: 930, username: maucher, role: Management, region: lkmuenchen)>> does not have the permission to access the staff area
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@seluianova seluianova

Labels
🍼 good first issue Good for newcomers ‼️ prio: high Needs to be resolved ASAP. 🐛 bug Something isn't working ☺️ effort: low Should be doable in <4h
Projects
None yet
Milestone
22Q4
Development

Successfully merging a pull request may close this issue.

Fix autocompleting POI address for non-staff users digitalfabrik/integreat-cms
2 participants
@timobrembeck @seluianova