← Back to team overview

dhis2-devs team mailing list archive

Re: API dataStore - 403 forbidden

 

Also, what is the exact name of the "See ..." authority in the system?

On Fri, Aug 12, 2016 at 10:44 AM, Halvdan Hoem Grelland <halvdan@xxxxxxxxx>
wrote:

> Hi again (and sorry for the late reply).
>
> There seems to be no meaningful changes (that I can find, at least) for
> this between 2.23 and 2.24, so the difference is most likely down to a
> difference between the two databases. Did you try the 'working' DB on 2.24?
>
> Also copying in Stian, who is more familiar with the
> is stuff than I am.
>
> On Mon, Aug 8, 2016 at 8:53 PM, Olav Poppe <olav.poppe@xxxxxx> wrote:
>
>> Thanks, the user that gets "403 forbidden" has a user role with only "See
>> <your-appname-here-without-braces>" and "See dashboard..." authorities
>> and nothing else.
>>
>> I have the same setup (user role with only "See dashboard..." and "See
>> <your-appname-here-without-braces>") on 2.23 (though different
>> database), but there it works fine.
>>
>> Olav
>>
>>
>>
>> 8. aug. 2016 kl. 17.00 skrev Halvdan Hoem Grelland <halvdan@xxxxxxxxx>:
>>
>> In order to access the data store your user needs either of the following:
>>
>> - The "ALL" authority (i.e. a Superuser)
>> - The "M_dhis-web-maintenance-appmanager" authority (aka. "See apps
>> maintenance module)
>> - The "See <your-appname-here-without-braces>" authority (the implicit
>> app user auth)
>>
>> I'm guessing your user doesn't have the last one.
>>
>> On Mon, Aug 8, 2016 at 4:14 PM, Olav Poppe <olav.poppe@xxxxxx> wrote:
>>
>>> Hi devs,
>>> I’m having issues with access to a namespace in api/dataStore on 2.24.
>>> It works for superusers, but not with a "regular" user with access to the
>>> app that defines the namespace.
>>>
>>> I have the following setup:
>>> - custom app with this in the manifest.webapp:
>>> ...
>>> "activities": {
>>>         "dhis": {
>>>             "href": "http://localhost/stable";,
>>>             "namespace": "dataQualityTool"
>>>         }
>>>     }
>>> ...
>>> - a user role giving access to this app, which from what I understand
>>> should also give access to the namespace defined/reserved by that app??
>>>
>>> However, when trying to access the dataStore with a non-superuser, I get
>>> a 403 Forbidden response:
>>>
>>>    - message: "The namespace 'dataQualityTool' is protected, and you
>>>    don't have the right authority to access it."
>>>
>>>
>>> Am I missing or misunderstanding something here? The same setup works on
>>> 2.23 on a different database, so I’m not sure if it’s a bug that it works
>>> in 2.23, that it does not work in 2.24, or if there is an intentional
>>> change from 23 to 24…
>>>
>>> Regards
>>> Olav
>>>
>>>    -
>>>
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~dhis2-devs
>>> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~dhis2-devs
>>> More help   : https://help.launchpad.net/ListHelp
>>>
>>>
>>
>>
>> --
>> Halvdan Hoem Grelland
>> Software developer, DHIS 2
>> University of Oslo
>> http://www.dhis2.org <https://www.dhis2.org/>
>>
>>
>>
>
>
> --
> Halvdan Hoem Grelland
> Software developer, DHIS 2
> University of Oslo
> http://www.dhis2.org <https://www.dhis2.org/>
>
>


-- 
Halvdan Hoem Grelland
Software developer, DHIS 2
University of Oslo
http://www.dhis2.org <https://www.dhis2.org/>

Follow ups

References