Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

工单发起人无权限查看工单 #1881

Closed
jarod opened this issue Sep 27, 2022 · 2 comments
Closed

工单发起人无权限查看工单 #1881

jarod opened this issue Sep 27, 2022 · 2 comments

Comments

@jarod
Copy link

jarod commented Sep 27, 2022

重现步骤

  1. docker-compose方式启动archery 1.9.0
  2. 非管理员帐号提交SQL上线工单

预期外的结果

提交上线工单后,跳转页面(url https://xxx.com/detail/xx/) 403 Forbidden

工单管理员可以看见

恢复到1.8.5版本,新发起的工单正常,用1.9.0版本期间发起的工单还是看不到

估计是1.9.0发起工单的时候,发起人信息存到工单的记录出问题了

日志文本

[2022-09-27 16:48:27,868][MainThread:139910281197376][task_id:django-q][cluster.py:395][ERROR]- Failed [sqlreview-pass-42] - Users matching query does not exist. : Traceback (most recent call last):
  File "/opt/venv4archery/lib/python3.9/site-packages/django_q/cluster.py", line 432, in worker
    res = f(*task["args"], **task["kwargs"])
  File "/opt/archery/sql/notify.py", line 212, in notify_for_audit
    msg_to = [Users.objects.get(username=audit_detail.create_user)]
  File "/opt/venv4archery/lib/python3.9/site-packages/django/db/models/manager.py", line 85, in manager_method
    return getattr(self.get_queryset(), name)(*args, **kwargs)
  File "/opt/venv4archery/lib/python3.9/site-packages/django/db/models/query.py", line 650, in get
    raise self.model.DoesNotExist(
sql.models.Users.DoesNotExist: Users matching query does not exist.

[2022-09-27 16:56:04,625][MainThread:140182566295360][task_id:default][exception_logging_middleware.py:12][ERROR]- Traceback (most recent call last):
  File "/opt/venv4archery/lib/python3.9/site-packages/django/core/handlers/base.py", line 197, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/opt/archery/sql/views.py", line 184, in detail
    raise PermissionDenied
django.core.exceptions.PermissionDenied

版本

1.9.0

部署方式

Docker

是否还有其他可以辅助定位问题的信息?比如数据库版本等
@hhyo
Copy link
Owner

hhyo commented Sep 27, 2022
edited

看代码是没有保存提交人信息,如果强制指定为登录用户,是不是原来api指定user的就废了@nick2wang

代码内已经指定了engineer_display,看起来通过api创建时指定提交人应该已经失效了

hhyo added a commit that referenced this issue Sep 27, 2022
@hhyo
解决SQL工单提交人信息缺失的问题 fix #1881
c821122
@jarod
Copy link
Author

jarod commented Sep 30, 2022

这个bug可以说导致1.9.0处于不可用的状态,建议迅速发bugfix版本。不发新版本也应该先把1.9.0撤回。

hhyo added a commit that referenced this issue Oct 7, 2022
@hhyo
解决SQL工单提交人信息缺失的问题 fix #1881
af997ec
@hhyo hhyo closed this as completed in cc70b96 Oct 7, 2022
@hhyo hhyo mentioned this issue May 14, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jarod @hhyo