Permissions for "App Access Minimum" does not allow user to view app #20135

Closed
that1matt opened this issue Oct 23, 2023 · 10 comments · Fixed by #20136

@that1matt
Contributor

Describe the Bug

When you set the permissions using the App Access Minimum and try to log in as the user, after login you are greeted with the error "No App Access - the user isn't allowed to use the admin app."

To Reproduce

  1. Create a new role and a user with the new role.
  2. Use the App Access Minimum link to reset system permissions.
  3. Do not change any other permissions.
  4. Try to log in with the new user.
  5. Greeted with error message.

Workaround:

  1. Changing the directus_users read value from "required for app access" to "all access" allows the user to log in and view the app.

Directus Version

10.7.0

Hosting Strategy

Self-Hosted (Docker Image)

@that1matt changed the title from: Permissions for "App Access Minimum" do not allow user to view app, to: Permissions for "App Access Minimum" does not allow user to view app (Oct 23, 2023)
@rijkvanzanten self-assigned this Oct 23, 2023
rijkvanzanten added a commit that referenced this issue Oct 23, 2023
* Add theming fields to app required permissions

Fixes #20135

* Add changeset
@u12206050
Contributor

Shouldn't this have been hot-fixed release asap, no other users except admin can use Directus 10.7.0 currently?

@rijkvanzanten
Member

> no other users except admin can use Directus 10.7.0 currently?

That's not true, it's permissions based so it depends on your configuration. Only if you're using a role with app access enabled with all other default permissions reduced to the minimum, you'll run into this issue.

@u12206050
Contributor

Works on 10.7.1 now. Thanks.

@arladmin

> > no other users except admin can use Directus 10.7.0 currently?
>
> That's not true, it's permissions based so it depends on your configuration. Only if you're using a role with app access enabled with all other default permissions reduced to the minimum, you'll run into this issue.

I just ran into the same issue.

I usually go for 'minimum app access' permission for the system collections, for most of the roles.

@arladmin

> Shouldn't this have been hot-fixed release asap, no other users except admin can use Directus 10.7.0 currently?

I completely second this.

This IS a valid (and extremely prevalent for us) use-case within the context of the app.

@paescuj
Member

paescuj commented Oct 28, 2023

> I just ran into the same issue.

With 10.7.1?

@arladmin

arladmin commented Oct 28, 2023

> > I just ran into the same issue.
>
> With 10.7.1?

Nope, with 10.7.0

Ended up waiting for 10.7.1's release and then for the hosting platform (Cloudron) to package and release the updated version.

@arladmin

arladmin commented Oct 28, 2023

@paescuj @rijkvanzanten

Update: Even with v10.7.1, the problem's still there!

And rolling back to v10.6.4 doesn't solve the issue either.

Now multiple apps running in production are down 😱

@arladmin

Finally, the workaround seems to be to reapply the "App Access Minimum" by first changing the permissions to "recommended Defaults" and then back to "App Access Minimum".

Note: in this process, any custom permissions applied originally are lost.

@azrikahar
Contributor

> Finally, the workaround seems to be to reapply the "App Access Minimum" by first changing the permissions to "recommended Defaults" and then back to "App Access Minimum".

I believe the reason why updating didn't work earlier was due to the cache still being the old/invalid permissions. The reason the stated workaround worked is because modifying the permissions subsequently cleared the corresponding cache along the way.

Tested the following steps as a confirmation:

  1. Started 10.7.0 with Redis cache.
  2. Attempt to login as a user with a role with minimum permission, gets No App Access error.
  3. Upgrade to 10.7.1.
  4. Attempt to login as the same user again, gets the same No App Access error.
  5. Used an admin token to clear the cache via /utils/cache/clear endpoint.
  6. Once again attempt to login as the same user, now it works (without having to reapply any permissions).
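
Step 5 of the comment above, written out as an added shell sketch; it is not code from the thread or from the Directus project. The `/utils/cache/clear` endpoint and the admin token come from the comment; the `DIRECTUS_ADMIN_TOKEN` variable and both function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread: clear the Directus cache after an upgrade.
# DIRECTUS_ADMIN_TOKEN and both function names are assumptions of this sketch.

# Turn the HTTP status of the cache-clear request into an operator message.
explain_status() {
  case "$1" in
    2??)     echo "cache cleared" ;;
    401|403) echo "rejected: token is invalid or not an admin token" ;;
    000)     echo "no HTTP response: check the URL and connectivity" ;;
    *)       echo "unexpected HTTP status $1" ;;
  esac
}

# POST <base-url>/utils/cache/clear with the admin token as a bearer token.
# The header goes to curl as a config stream on stdin, so the token does not
# show up in the process list.
clear_directus_cache() {
  base_url="${1:-}"
  base_url="${base_url%/}"          # tolerate one trailing slash
  if [ -z "$base_url" ] || [ -z "${DIRECTUS_ADMIN_TOKEN:-}" ]; then
    echo "usage: DIRECTUS_ADMIN_TOKEN=<token> $0 <base-url>" >&2
    return 2
  fi
  status=$(printf 'header = "Authorization: Bearer %s"\n' "$DIRECTUS_ADMIN_TOKEN" |
    curl --silent --output /dev/null --write-out '%{http_code}' \
         --request POST --config - "$base_url/utils/cache/clear") || status=000
  explain_status "$status" >&2
  case "$status" in
    2??) return 0 ;;
    *)   return 1 ;;
  esac
}

# Run only when a base URL is given on the command line.
if [ "$#" -gt 0 ]; then
  clear_directus_cache "$1"
fi
```

Running it right after the upgrade corresponds to steps 3 to 5, after which the affected user can retry the login as in step 6.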

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 31, 2024