wekan-python-api-client icon indicating copy to clipboard operation
wekan-python-api-client copied to clipboard

Published 20 hours ago verified publisher icon wekan

Problem with Wekan > 2.97 when getting cardlists

Open ykorzikowski opened this issue 6 years ago • 4 comments

This is working with wekan 2.97, but not with newer versions.

https://github.com/wekan/wekan-python-api-client/blob/3ccf64eedc0be14568232e3cb5d5007189d1b792/src/wekanapi/models.py#L26

Exception happened during processing of request from ('172.18.0.1', 34712)
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/socketserver.py", line 316, in _handle_request_noblock
    self.process_request(request, client_address)
  File "/usr/local/lib/python3.8/socketserver.py", line 347, in process_request
    self.finish_request(request, client_address)
  File "/usr/local/lib/python3.8/socketserver.py", line 360, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/local/lib/python3.8/socketserver.py", line 720, in __init__
    self.handle()
  File "/usr/local/lib/python3.8/http/server.py", line 426, in handle
    self.handle_one_request()
  File "/usr/local/lib/python3.8/http/server.py", line 414, in handle_one_request
    method()
  File "/app/wekan_ical_server.py", line 30, in do_GET
    self.respond({'status': 200})
  File "/app/wekan_ical_server.py", line 55, in respond
    response = self.handle_http(opts['status'], self.path)
  File "/app/wekan_ical_server.py", line 41, in handle_http
    cardslists = board.get_cardslists()
  File "/usr/local/lib/python3.8/site-packages/wekanapi/models.py", line 12, in get_cardslists
    return [Cardslist(self.api, self, cardslist_data) for cardslist_data in cardslists_data]
  File "/usr/local/lib/python3.8/site-packages/wekanapi/models.py", line 12, in <listcomp>
    return [Cardslist(self.api, self, cardslist_data) for cardslist_data in cardslists_data]
  File "/usr/local/lib/python3.8/site-packages/wekanapi/models.py", line 26, in __init__
    self.id = cardslist_data["_id"]
TypeError: string indices must be integers

ykorzikowski avatar Oct 17 '19 18:10 ykorzikowski

Real error is:

{'isClientSafe': True, 'error': 'Forbidden', 'reason': 'Forbidden', 'message': 'Forbidden [Forbidden]', 'errorType': 'Meteor.Error', 'statusCode': 403}

ykorzikowski avatar Oct 17 '19 19:10 ykorzikowski

Giving user admin rights will fix this. Why does a user need admin rights to use the api?

Its only documented as "hint" in api docs. https://wekan.github.io/api/v3.46/#get_current_user

My recommendation: Add this into the introduction.

ykorzikowski avatar Oct 17 '19 22:10 ykorzikowski

@ykorzikowski

Huh? I hope you are not giving admin + api access to just any user. With API, it's possible to add users, change passwords, read data of all users etc. To really have per-user enough-restricted API, someone should test all of API and contribute pull requests to only allow user API to access user's own data. For any programmer that is creating code to access Wekan API, it's possible to make changes to API code at wekan/models/ with pull requests.

xet7 avatar Oct 17 '19 22:10 xet7

No no. :D i created a speerate user to make wekan boards visible to my calendar (see https://github.com/ykorzikowski/wekan-ical-server)

And until the 3.** releases it was possible to do this without giving the calendar user admin rights.

ykorzikowski avatar Oct 18 '19 00:10 ykorzikowski