Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extra metadata endpoint return 403 even if the user has view perms #9842

Closed
mattiagiupponi opened this issue Aug 10, 2022 · 0 comments
Closed

Extra metadata endpoint return 403 even if the user has view perms #9842

mattiagiupponi opened this issue Aug 10, 2022 · 0 comments
Assignees
@mattiagiupponi
Labels
4.0.x API v2 major A high priority issue which might affect a lot of people or large parts of the codebase master
Milestone
4.0.1

Comments

@mattiagiupponi
Copy link
Contributor

mattiagiupponi commented Aug 10, 2022
edited
Loading

Expected Behavior

If a user with view perms reach /api/v2/resources/{resource_id}/extra_metadata/ it should be able to see the endpoint

Actual Behavior

The API raises a 403 since it checks the UserHasPerms class for each method defined in the @action class when the self.get_object() is called

Steps to Reproduce the Problem

  1. navigate to /api/v2/resources/{resource_id}/extra_metadata/ with a user with just view permissions
  2. the endpoint will raise a 403

Specifications

  • GeoNode version: master, 4.x
  • Installation method (manual, GeoNode Docker, SPCGeoNode Docker): all
  • Platform: all
  • Additional details:
@mattiagiupponi mattiagiupponi self-assigned this Aug 10, 2022
@mattiagiupponi mattiagiupponi added API v2 master 4.0.x major A high priority issue which might affect a lot of people or large parts of the codebase labels Aug 10, 2022
@mattiagiupponi mattiagiupponi added this to the 4.0.1 milestone Aug 10, 2022
mattiagiupponi added a commit that referenced this issue Aug 10, 2022
@mattiagiupponi
[Fixes #9842] Extra metadata endpoint return 403 even if the user has…
5643163 
… view perms
mattiagiupponi added a commit that referenced this issue Aug 10, 2022
@mattiagiupponi
[Fixes #9842] Extra metadata endpoint return 403 even if the user has…
d576d6c 
… view perms
mattiagiupponi added a commit that referenced this issue Aug 10, 2022
@mattiagiupponi
[Fixes #9842] Extra metadata endpoint return 403 even if the user has…
1df7a5a 
… view perms
mattiagiupponi added a commit that referenced this issue Aug 10, 2022
@mattiagiupponi
[Fixes #9842] Extra metadata endpoint return 403 even if the user has…
b62f1d1 
… view perms
github-actions bot pushed a commit that referenced this issue Aug 10, 2022
@mattiagiupponi @github-actions
[Fixes #9842] Extra metadata endpoint return 403 even if the user has… (
4ea1863 
#9843)

* [Fixes #9842] Extra metadata endpoint return 403 even if the user has view perms
mattiagiupponi added a commit that referenced this issue Aug 10, 2022
@github-actions @mattiagiupponi
[Fixes #9842] Extra metadata endpoint return 403 even if the user has… (
ccd3025 
#9843) (#9844)

* [Fixes #9842] Extra metadata endpoint return 403 even if the user has view perms

Co-authored-by: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
@etj etj mentioned this issue Aug 17, 2022
Merged
12 tasks
mattiagiupponi added a commit that referenced this issue Aug 17, 2022
@mattiagiupponi
Add test on extra metadta (#9859)
a313150 
[Fixes #9842] Extra metadata endpoint return 403 even if the user has view perms, add new test
github-actions bot pushed a commit that referenced this issue Aug 17, 2022
@mattiagiupponi @github-actions
Add test on extra metadta (#9859)
28d5d69 
[Fixes #9842] Extra metadata endpoint return 403 even if the user has view perms, add new test
mattiagiupponi added a commit that referenced this issue Aug 17, 2022
@github-actions @mattiagiupponi
Add test on extra metadta (#9859) (#9860)
db972f1 
[Fixes #9842] Extra metadata endpoint return 403 even if the user has view perms, add new test

Co-authored-by: mattiagiupponi <51856725+mattiagiupponi@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mattiagiupponi mattiagiupponi

Labels
4.0.x API v2 major A high priority issue which might affect a lot of people or large parts of the codebase master
Projects
None yet
Milestone
4.0.1
Development

No branches or pull requests
1 participant
@mattiagiupponi