dhis2-devs team mailing list archive

Thread
Date

Re: API dataStore - 403 forbidden

To: Halvdan Hoem Grelland <halvdan@xxxxxxxxx>
From: Olav Poppe <olav.poppe@xxxxxx>
Date: Mon, 08 Aug 2016 20:53:23 +0200
Cc: DHIS 2 Developers list <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CACzpmAhn1ghOtfCYMmgnw2M6=MSPgpxCy9jsw=pak9S5PRnK9Q@mail.gmail.com>

Thanks, the user that gets "403 forbidden" has a user role with only "See <your-appname-here-without-braces>" and "See dashboard..." authorities and nothing else.

I have the same setup (user role with only "See dashboard..." and "See <your-appname-here-without-braces>") on 2.23 (though different database), but there it works fine.

Olav


> 8. aug. 2016 kl. 17.00 skrev Halvdan Hoem Grelland <halvdan@xxxxxxxxx>:
> 
> In order to access the data store your user needs either of the following:
> 
> - The "ALL" authority (i.e. a Superuser)
> - The "M_dhis-web-maintenance-appmanager" authority (aka. "See apps maintenance module)
> - The "See <your-appname-here-without-braces>" authority (the implicit app user auth)
> 
> I'm guessing your user doesn't have the last one.
> 
> On Mon, Aug 8, 2016 at 4:14 PM, Olav Poppe <olav.poppe@xxxxxx <mailto:olav.poppe@xxxxxx>> wrote:
> Hi devs, 
> I’m having issues with access to a namespace in api/dataStore on 2.24. It works for superusers, but not with a "regular" user with access to the app that defines the namespace.
> 
> I have the following setup:
> - custom app with this in the manifest.webapp:
> ...
> "activities": {
>         "dhis": {
>             "href": "http://localhost/stable <http://localhost/stable>",
>             "namespace": "dataQualityTool"
>         }
>     }
> ...
> - a user role giving access to this app, which from what I understand should also give access to the namespace defined/reserved by that app??
> 
> However, when trying to access the dataStore with a non-superuser, I get a 403 Forbidden response:
> message: "The namespace 'dataQualityTool' is protected, and you don't have the right authority to access it."
> 
> Am I missing or misunderstanding something here? The same setup works on 2.23 on a different database, so I’m not sure if it’s a bug that it works in 2.23, that it does not work in 2.24, or if there is an intentional change from 23 to 24…
> 
> Regards
> Olav
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-devs <https://launchpad.net/~dhis2-devs>
> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx <mailto:dhis2-devs@xxxxxxxxxxxxxxxxxxx>
> Unsubscribe : https://launchpad.net/~dhis2-devs <https://launchpad.net/~dhis2-devs>
> More help   : https://help.launchpad.net/ListHelp <https://help.launchpad.net/ListHelp>
> 
> 
> 
> 
> -- 
> Halvdan Hoem Grelland
> Software developer, DHIS 2
> University of Oslo
> http://www.dhis2.org <https://www.dhis2.org/>
>

Follow ups

Re: API dataStore - 403 forbidden
From: Halvdan Hoem Grelland, 2016-08-12

References

API dataStore - 403 forbidden
From: Olav Poppe, 2016-08-08
Re: API dataStore - 403 forbidden
From: Halvdan Hoem Grelland, 2016-08-08