TandoorRecipes
Permissions deneid for view a page
Tandoor Version
1.3.3
Setup
Manual Setup
Reverse Proxy
Nginx Proxy Manager (NPM)
Other
No response
Bug description
After the update from 1.3.2 to 1.3.3 it is no longer possible to view recipes. The error always appears at the bottom right
"Forbidden There was an error loading a resource! {"detail": "You do not have the required permissions to viwe this page!"}"
I get these errors both with newly created recipes and with existing ones.
The gunicorn log says
[2022-08-05 11:42:23 +0200] [480] [DEBUG] Current configuration:
config: ./gunicorn.conf.py
wsgi_app: None
bind: ['unix:/var/www/recipes/recipes.sock']
backlog: 2048
workers: 1
worker_class: sync
threads: 1
worker_connections: 1000
max_requests: 0
max_requests_jitter: 0
timeout: 30
graceful_timeout: 30
keepalive: 2
limit_request_line: 4094
limit_request_fields: 100
limit_request_field_size: 8190
reload: False
reload_engine: auto
reload_extra_files: []
spew: False
check_config: False
print_config: False
preload_app: False
sendfile: None
reuse_port: False
chdir: /var/www/recipes
daemon: False
raw_env: []
pidfile: None
worker_tmp_dir: None
user: 1000
group: 33
umask: 0
initgroups: False
tmp_upload_dir: None
secure_scheme_headers: {'X-FORWARDED-PROTOCOL': 'ssl', 'X-FORWARDED-PROTO': 'https', 'X-FORWARDED-SSL': 'on'}
forwarded_allow_ips: ['127.0.0.1']
accesslog: None
disable_redirect_access_to_syslog: False
access_log_format: %(h)s %(l)s %(u)s %(t)s "%(r)s" %(s)s %(b)s "%(f)s" "%(a)s"
errorlog: /tmp/gunicorn_err.log
loglevel: debug
capture_output: True
logger_class: gunicorn.glogging.Logger
logconfig: None
logconfig_dict: {}
syslog_addr: udp://localhost:514
syslog: False
syslog_prefix: None
syslog_facility: user
enable_stdio_inheritance: False
statsd_host: None
dogstatsd_tags:
statsd_prefix:
proc_name: None
default_proc_name: recipes.wsgi:application
pythonpath: None
paste: None
on_starting: <function OnStarting.on_starting at 0x7fec4a6eb700>
on_reload: <function OnReload.on_reload at 0x7fec4a6eb820>
when_ready: <function WhenReady.when_ready at 0x7fec4a6eb940>
pre_fork: <function Prefork.pre_fork at 0x7fec4a6eba60>
post_fork: <function Postfork.post_fork at 0x7fec4a6ebb80>
post_worker_init: <function PostWorkerInit.post_worker_init at 0x7fec4a6ebca0>
worker_int: <function WorkerInt.worker_int at 0x7fec4a6ebdc0>
worker_abort: <function WorkerAbort.worker_abort at 0x7fec4a6ebee0>
pre_exec: <function PreExec.pre_exec at 0x7fec4a700040>
pre_request: <function PreRequest.pre_request at 0x7fec4a700160>
post_request: <function PostRequest.post_request at 0x7fec4a7001f0>
child_exit: <function ChildExit.child_exit at 0x7fec4a700310>
worker_exit: <function WorkerExit.worker_exit at 0x7fec4a700430>
nworkers_changed: <function NumWorkersChanged.nworkers_changed at 0x7fec4a700550>
on_exit: <function OnExit.on_exit at 0x7fec4a700670>
proxy_protocol: False
proxy_allow_ips: ['127.0.0.1']
keyfile: None
certfile: None
ssl_version: 2
cert_reqs: 0
ca_certs: None
suppress_ragged_eofs: True
do_handshake_on_connect: False
ciphers: None
raw_paste_global_conf: []
strip_header_spaces: False
[2022-08-05 11:42:23 +0200] [480] [INFO] Starting gunicorn 20.1.0
[2022-08-05 11:42:23 +0200] [480] [DEBUG] Arbiter booted
[2022-08-05 11:42:23 +0200] [480] [INFO] Listening at: unix:/var/www/recipes/recipes.sock (480)
[2022-08-05 11:42:23 +0200] [480] [INFO] Using worker: sync
[2022-08-05 11:42:23 +0200] [481] [INFO] Booting worker with pid: 481
[2022-08-05 11:42:23 +0200] [480] [DEBUG] 1 workers
[2022-08-05 11:42:27 +0200] [481] [DEBUG] GET /search/
[2022-08-05 11:42:28 +0200] [481] [DEBUG] GET /api/meal-plan/
[2022-08-05 11:42:28 +0200] [481] [DEBUG] GET /api/recipe-book/
[2022-08-05 11:42:28 +0200] [481] [DEBUG] GET /api/custom-filter/
[2022-08-05 11:42:28 +0200] [481] [DEBUG] GET /api/keyword/
[2022-08-05 11:42:28 +0200] [481] [DEBUG] GET /api/food/
[2022-08-05 11:42:29 +0200] [481] [DEBUG] GET /api/meal-plan/
[2022-08-05 11:42:29 +0200] [481] [DEBUG] GET /api/recipe/
[2022-08-05 11:42:29 +0200] [481] [DEBUG] GET /service-worker.js
[2022-08-05 11:42:30 +0200] [481] [DEBUG] GET /view/recipe/14
[2022-08-05 11:42:31 +0200] [481] [DEBUG] GET /api/recipe/14/
Forbidden: /api/recipe/14/
[2022-08-05 11:42:31 +0200] [481] [DEBUG] GET /service-worker.js
Relevant logs
No response
are you logged in ? what are the permissions set for the user you are using ?
Hey, I am logged in (I logged out and in again).
The error:
permissions set:
I also have this error with newly created recipes.
the permission in version 1.3 are set on a per space basis, so i need the information from the space settings page
hey,
sorry I'm not quite sure what overview you need.
I get the same error when I log in as another user.
that is very interesting as your user appears to have the correct permissions ..
to be honest i am not sure whats happending here but because you are on a manual setup i cant really help your any further as there are basically infinite things that can be wrong. I will leave this issue open for a while and maybe someone on discord will be able to help you, otherwise i would recommend using the docker setup and testing if things are broken there as well (which i dont think because no one else reported having any issues)
I can confirm this issue.
But I also use the manual installation method. :)
So far everything has been ok and I have updated as usual. I was also able to create a new recipe but not view it afterwards. In fact, I can no longer view any of the recipes.
I did non create any custom spaces (just use "default").
EDIT: After doing bin/python3.9 manage.py collectstatic and bin/python3.9 manage.py collectstatic_js_reverse again (!), and restarting the service, everything is fine again.
@beedaddy
Thank you for pointing this out. It worked the same way for me. It looks to me as if it is important that the "bin/python3 manage.py collectstatic". outputs that "0 static files copied". If I remember correctly, I was able to solve my other problem (#1926) with this.