Fix unauthorized error when accessing immediate results entry view with a client contact user #2332

Merged: 2 commits, Jun 8, 2023

@ramonski ramonski commented Jun 8, 2023

Description of the issue/feature this PR addresses

This PR fixes an insufficient privileges issue for client contact users with shared local roles when accessing the multi results view.

Current behavior before PR

Insufficient Privileges occurs for client contact users when creating a new sample when the setup option "Immediate results entry" is enabled.

Traceback:

    2023-06-08 11:35:12,452 DEBUG   [ImplPython:845][waitress-0] Unauthorized: Your user account does not have the required permission.  Access to 'multi_results' of (Client at /senaite/clients/client-19) denied. Your user account, ramontest, exists at /senaite/acl_users. Access requires senaite_core__Transition__Multi_Results_Permission, granted to the following roles: ['Analyst', 'LabClerk', 'LabManager', 'Manager', 'Sampler', 'Verifier']. Your roles in this context are ['Authenticated', 'Client', 'Member', 'Owner'].
    2023-06-08 11:35:12,453 DEBUG   [ImplPython:845][waitress-0] Unauthorized: Your user account does not have the required permission.  Access to 'multi_results' of (Client at /senaite/clients/client-19) denied. Your user account, Anonymous User, exists at /acl_users. Access requires senaite_core__Transition__Multi_Results_Permission, granted to the following roles: ['Analyst', 'LabClerk', 'LabManager', 'Manager', 'Sampler', 'Verifier']. Your roles in this context are ['Anonymous'].
    2023-06-08 11:35:12,455 DEBUG   [chameleon.loader:143][waitress-0] loading module from cache: 7d9ffcbbc911d56288015b0685a7b329.py.
    2023-06-08 11:35:12,456 DEBUG   [ImplPython:845][waitress-0] Unauthorized: Your user account does not have the required permission.  Access to '@@bootstrapview' of (Client at /senaite/clients/client-19) denied. Your user account, Anonymous User, exists at (unknown). Access requires View_Permission, granted to the following roles: ['Analyst', 'LabClerk', 'LabManager', 'Manager', 'Owner', 'Preserver', 'Publisher', 'RegulatoryInspector', 'Sampler', 'SamplingCoordinator', 'Verifier']. Your roles in this context are ['Anonymous'].
    2023-06-08 11:35:12,458 DEBUG   [txn.123145449070592:567][waitress-0] abort
    2023-06-08 11:35:12,459 ERROR   [Zope.SiteErrorLog:252][waitress-0] 1686216912.460.246721356438 http://127.0.0.1:8080/senaite/clients/client-19/multi_results
    Traceback (innermost last):
    Module ZPublisher.WSGIPublisher, line 176, in transaction_pubevents
    Module ZPublisher.WSGIPublisher, line 385, in publish_module
    Module ZPublisher.WSGIPublisher, line 264, in publish
    Module ZPublisher.BaseRequest, line 644, in traverse
    Module ZPublisher.HTTPResponse, line 1040, in unauthorized

Desired behavior after PR is merged

Client contact users with the right roles assigned are allowed to access the multi results view.

--
I confirm I have tested this PR thoroughly and coded it according to PEP8
and Plone's Python styleguide standards.

@ramonski ramonski requested a review from xispa June 8, 2023 10:40
@ramonski ramonski changed the title Fix unauthorized error for immediate results entry Fix unauthorized error when accessing immediate results entry view with a client contact user Jun 8, 2023
@xispa xispa merged commit e1c6d96 into 2.x Jun 8, 2023
@xispa xispa deleted the fix-multi-results-insufficient-privileges branch June 8, 2023 13:00
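
The `Unauthorized` messages in the traceback above already contain what is needed to diagnose a denial like this one: the permission Zope required, the roles that carry it, and the roles the user held in that context. The following is an added example, not part of this PR or of SENAITE's code, that parses such messages and reports the overlap between the two role lists. The names `parse_denials`, `_roles` and `SAMPLE_LOG` are hypothetical, and the sample holds two messages copied from the log above with the timestamp and logger prefix removed.

```python
import re

# Matches the Zope "Unauthorized" message format seen in the log above.
UNAUTHORIZED_RE = re.compile(
    r"Access to '(?P<view>[^']+)' of \((?P<context>[^)]+)\) denied\. "
    r"Your user account, (?P<user>.+?), exists at \S+\. "
    r"Access requires (?P<permission>\S+), "
    r"granted to the following roles: \[(?P<granted>[^\]]*)\]\. "
    r"Your roles in this context are \[(?P<held>[^\]]*)\]\."
)

def _roles(raw):
    """Turn "'Analyst', 'LabClerk'" into {'Analyst', 'LabClerk'}."""
    return set(re.findall(r"'([^']+)'", raw))

def parse_denials(log_text):
    """One dict per denial; 'overlap' is empty when no held role carries the permission."""
    denials = []
    for m in UNAUTHORIZED_RE.finditer(log_text):
        granted, held = _roles(m.group("granted")), _roles(m.group("held"))
        denials.append({
            "user": m.group("user"),
            "view": m.group("view"),
            "permission": m.group("permission"),
            "held": sorted(held),
            "granted": sorted(granted),
            "overlap": sorted(granted & held),
        })
    return denials

# Two messages from the log above, timestamps and logger prefix removed.
SAMPLE_LOG = (
    "Access to 'multi_results' of (Client at /senaite/clients/client-19) denied. "
    "Your user account, ramontest, exists at /senaite/acl_users. "
    "Access requires senaite_core__Transition__Multi_Results_Permission, "
    "granted to the following roles: ['Analyst', 'LabClerk', 'LabManager', "
    "'Manager', 'Sampler', 'Verifier']. Your roles in this context are "
    "['Authenticated', 'Client', 'Member', 'Owner'].\n"
    "Access to '@@bootstrapview' of (Client at /senaite/clients/client-19) denied. "
    "Your user account, Anonymous User, exists at (unknown). "
    "Access requires View_Permission, granted to the following roles: "
    "['Analyst', 'LabClerk', 'LabManager', 'Manager', 'Owner', 'Preserver', "
    "'Publisher', 'RegulatoryInspector', 'Sampler', 'SamplingCoordinator', "
    "'Verifier']. Your roles in this context are ['Anonymous']."
)

if __name__ == "__main__":
    for d in parse_denials(SAMPLE_LOG):
        print(d["user"], d["view"], d["permission"], d["held"], d["overlap"])
```

For `ramontest` the overlap is empty: `Owner` appears among the roles granted `View_Permission` in the second message, but not among those granted `senaite_core__Transition__Multi_Results_Permission`.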