Admin no longer able to edit and save an event of another user

[mariobehling]

In the wizard step 1 the system admin is no longer able to edit and save the event, e.g. the way we kept spam from the start page manually was to set events to private in wizard step 1.

[iamareebjamal]

@kushthedude Why did this regression take place?

[kushthedude]

@iamareebjamal Admin can edit, There is some issue in making event private. I will take a look

[kushthedude]

@iamareebjamal This a server issue, When I try to make a event private using admin rights See the error :

INFO:werkzeug:127.0.0.1 - - [23/Jan/2020 16:12:09] "PATCH /v1/events/63fd0804 HTTP/1.1" 500 -
Traceback (most recent call last):
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/sentry_sdk/integrations/flask.py", line 70, in sentry_patched_wsgi_app
    environ, start_response
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/sentry_sdk/integrations/wsgi.py", line 120, in __call__
    reraise(*_capture_exception(hub))
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/sentry_sdk/_compat.py", line 57, in reraise
    raise value
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/sentry_sdk/integrations/wsgi.py", line 116, in __call__
    _sentry_start_response, start_response, span
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/sentry_sdk/integrations/flask.py", line 69, in <lambda>
    return SentryWsgiMiddleware(lambda *a, **kw: old_app(self, *a, **kw))(
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask/app.py", line 2463, in __call__
    return self.wsgi_app(environ, start_response)
  File "/Users/kush/open-event-server/app/instance.py", line 71, in __call__
    return self.app(environ, start_response)
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask/app.py", line 2449, in wsgi_app
    response = self.handle_exception(e)
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask_cors/extension.py", line 161, in wrapped_function
    return cors_after_request(app.make_response(f(*args, **kwargs)))
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask_cors/extension.py", line 161, in wrapped_function
    return cors_after_request(app.make_response(f(*args, **kwargs)))
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask/app.py", line 1866, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask/app.py", line 2446, in wsgi_app
    response = self.full_dispatch_request()
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask/app.py", line 1951, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask_cors/extension.py", line 161, in wrapped_function
    return cors_after_request(app.make_response(f(*args, **kwargs)))
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask_cors/extension.py", line 161, in wrapped_function
    return cors_after_request(app.make_response(f(*args, **kwargs)))
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask/app.py", line 1820, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask/app.py", line 1949, in full_dispatch_request
    rv = self.dispatch_request()
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask/app.py", line 1935, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/Users/kush/open-event-server/venv/src/flask-rest-jsonapi/flask_rest_jsonapi/api.py", line 133, in decorated
    return self.check_permissions(view, view_args, view_kwargs, *args, **kwargs)
  File "/Users/kush/open-event-server/app/api/helpers/permission_manager.py", line 488, in permission_manager
    return permissions[args[0]](view, view_args, view_kwargs, *args, **kwargs)
  File "/Users/kush/open-event-server/app/api/helpers/permissions.py", line 46, in decorator
    return fn(*args, **kwargs)
  File "/Users/kush/open-event-server/app/api/helpers/permission_manager.py", line 74, in is_coorganizer
    return view(*view_args, **view_kwargs)
  File "/Users/kush/open-event-server/venv/src/flask-rest-jsonapi/flask_rest_jsonapi/decorators.py", line 32, in wrapper
    return func(*args, **kwargs)
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask/views.py", line 89, in view
    return self.dispatch_request(*args, **kwargs)
  File "/Users/kush/open-event-server/venv/src/flask-rest-jsonapi/flask_rest_jsonapi/resource.py", line 68, in dispatch_request
    response = method(*args, **kwargs)
  File "/Users/kush/open-event-server/venv/src/flask-rest-jsonapi/flask_rest_jsonapi/decorators.py", line 56, in wrapper
    return func(*args, **kwargs)
  File "/Users/kush/open-event-server/venv/src/flask-rest-jsonapi/flask_rest_jsonapi/resource.py", line 310, in patch
    self._data_layer.update_object(obj, data, kwargs)
  File "/Users/kush/open-event-server/venv/src/flask-rest-jsonapi/flask_rest_jsonapi/data_layers/alchemy.py", line 133, in update_object
    self.apply_relationships(data, obj)
  File "/Users/kush/open-event-server/venv/src/flask-rest-jsonapi/flask_rest_jsonapi/data_layers/alchemy.py", line 407, in apply_relationships
    related_model = getattr(obj.__class__, key).property.mapper.class_
AttributeError: 'property' object has no attribute 'property'

[iamareebjamal]

Only for private? Other fields in PATCH are working?

[kushthedude]

Only for private? Other fields in PATCH are working?

Yes only for private, Other changes I made for name,location,license were working fine.

[kushthedude]

@iamareebjamal Is it due to the old version of the fork of JSON-Rest we are using ?

[iamareebjamal]

It didn't happen before, so no

[kushthedude]

@iamareebjamal The case is not for admin editing events, No one can create private events

[codedsun]

@kushthedude - The request from the frontend is

{"data":{"attributes":{"name":"Testing","description":"Hey","starts-at":"2020-01-26T18:05:00.000Z","ends-at":"2020-04-01T11:30:41.280Z","timezone":"Asia/Calcutta","location-name":"Testing Singapore Lane Singapore Europe  Germany","searchable-location-name":"Singapore","longitude":0,"latitude":0,"logo-url":null,"original-image-url":null,"is-map-shown":true,"is-sponsors-enabled":false,"is-ticket-form-enabled":true,"is-sessions-speakers-enabled":false,"is-featured":false,"is-promoted":false,"is-billing-info-mandatory":false,"is-tax-enabled":false,"can-pay-by-paypal":false,"can-pay-by-paytm":false,"can-pay-by-stripe":false,"is-stripe-linked":false,"can-pay-by-cheque":false,"can-pay-by-bank":false,"can-pay-by-omise":false,"can-pay-by-alipay":false,"can-pay-onsite":false,"payment-country":null,"payment-currency":"USD","paypal-email":null,"cheque-details":null,"bank-details":null,"onsite-details":null,"schedule-published-on":"1970-01-01T00:00:00.000Z","has-owner-info":false,"owner-name":null,"owner-description":null,"external-event-url":null,"ticket-url":null,"code-of-conduct":null,"state":"published","privacy":"public","deleted-at":null},"relationships":{"event-type":{"data":{"type":"event-type","id":"15"}},"event-topic":{"data":{"type":"event-topic","id":"3"}},"event-sub-topic":{"data":{"type":"event-sub-topic","id":"46"}},"event-statistics-general":{"data":{"type":"event-statistics-general","id":"40"}},"user":{"data":{"type":"user","id":"2"}},"order-statistics":{"data":{"type":"order-statistics-event","id":"40"}},"owner":{"data":{"type":"user","id":"2"}},"organizers":{"data":[]},"coorganizers":{"data":[]},"track-organizers":{"data":[]},"registrars":{"data":[]},"moderators":{"data":[]}},"type":"event","id":"40"}}

The relationship here, the key param is wrong
"order-statistics":{"data":{"type":"order-statistics-event","id":"40"}}

should be

"event-order-statistics": { "data": { "type": "order-statistics-event", "id": "40" } },

which means the key order-statistics renamed to event-order-statistics . It will work fine, please check

[iamareebjamal]

Why is frontend even sending order statistics? Makes no sense

And the relationship should be order-statistics only, not event-order-statistics

So, it is both a server issue and frontend issue. More severe issue on the frontend

[codedsun]

@iamareebjamal - The frontend is also sending event-general-statistics. This should also not be sent.

[iamareebjamal]

That is my point. It should not be sending any relationship

[codedsun]

@iamareebjamal - The relationship endpoint is '/events/<int:id>/relationships/order-statistics' oly. So not an issue on server

api.route(
    EventRelationship,
    'event_order_statistics',
    '/events/<int:id>/relationships/order-statistics',
    '/events/<identifier>/relationships/order-statistics',
)

[iamareebjamal]

Then the server should be able to expect 'order-statistics' and not fail like it is currently

[codedsun]

As per the discussion with @iamareebjamal sir. It's not a server issue.

Areeb: Then change the key in frontend. Nothing can be done on server for this for now

[kushthedude]

Open the issue on frontend with the problems discussed with @iamareebjamal .

…

On Mon, 27 Jan, 2020, 02:18 Suneet Srivastava, ***@***.***> wrote: As per the discussion with @iamareebjamal <https://github.com/iamareebjamal> sir. It's not a server issue. Areeb: Then change the key in frontend. Nothing can be done on server for this for now — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#6776?email_source=notifications&email_token=AKQMTLRPB7TE7RQ4OTNJPPLQ7XZIDA5CNFSM4KKULWUKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEJ55QHY#issuecomment-578541599>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AKQMTLU2XRGTH627D34FFF3Q7XZIDANCNFSM4KKULWUA> .