-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merging Two tasks fails for lack of permission ( it seems ) #149
Comments
Is the new activity actually there after a page refresh? Or was it only added in the front-end data but never appeared in the backend? Delete and insert actions should have the same permission check, so it's weird that one works while the other doesn't... |
Btw, this shouldn't really be affected by your changes, since you didn't touch the relevant parts (I think), so you might have encountered a bug we haven't come across yet. |
Yes I assumed, but I did some changes to utils.py and changed secret.json I am going to delete the database, and restore from my backup. I will also Patrick Martinent On Mon, Oct 27, 2014 at 8:11 PM, Gerwin Sturm notifications@github.com
|
Looking into it on the Staging environment |
Now that I look at the screenshot better... seems like the merged activity is created but the "old' activities failed to be removed... Edit1: Edit2: Edit3: |
I was able to reproduce the error on the staging environment with those 2 particular activities (tricked the system thinking I'm @patt0 ). From the staging backend logs :
I tried to track where the message Then check_auth is called and subsequently get_current_account responsible to log In my understanding that should be ok and delete should work. Tried to merge 2 of my own activities "auto created" by the nightly task (logs from 21:59:22.735 to 21:59:26.384) and everything worked as expected. The 2 merges were done trying to provide |
Is it possible that there is some stray symbol in the email list? You can try this at https://console.developers.google.com/project/omega-keep-406/datastore/query Patrick would have had those issues independent of the changes we made. @SmokyBob While you can simulate @patt0 in the frontend, the backend will still check against your access token, knows that you are mauro.solcia@gmail.com and won't let you edit/delete/update records of anyone else, which is why this check is there, so it is expected that this doesn't work for you, even if you can simulate the requests from the frontend. Note: Since the admin_api_key is now "leaked" publicly we will have to change it once the authentication issues with multiple emails have been fixed, since it allows anyone without any extra authentication to change/delete/insert data into the API. Once the authentication issues have been fixed everything should work via normal OAuth authentication and it should then be removed from the frontend. |
Update: |
@Scarygami thx, the only thing I forgot to check is the GDE Masterlist where the email was stored with an extra space; pushing the updated value as we speak and adding a trim before pushing from the masterlist to the backend. My bad for putting the API key publicly inside the code (came in mind only yesterday that I could have used a non tracked file like is done in the backend); |
Nice catch !!! I have updated my account using the DataStore viewer, reset the Writes on The total impact graph does not update itself after you update View / Patrick Martinent On Tue, Oct 28, 2014 at 2:52 PM, Gerwin Sturm notifications@github.com
|
@SmokyBob probably for now best to also include the apikey in the delete requests (as in your tests) since #133 would affect those as well. |
Quick fix to the GDE Masterlist applied. |
merge should be fixed, deployed code to keep the graph and totals table updated after activity edit. |
We are ok I believe On Sat Nov 01 2014 at 6:36:43 PM Mauro Solcia notifications@github.com
|
Error messages ( twice as I was merging two activities )
The merged entity has been added, but the other two are still here.
The text was updated successfully, but these errors were encountered: