@erikcameron erikcameron commented Aug 13, 2025

The Forbidden message on logout (and elsewhere) was caused by:

  1. When the system creates a new user, they don't have any access (i.e., access on the user model is [])
  2. The ensureAuthenticated module is also apparently doing some authorization: if the user's access is empty, it denies the request with a 403. This is applied to the whole API, including the stuff on the user dashboard.

This at least illustrates the problem by changing the user creation logic to include a default access; if you pull this branch and make a new user, the rogue Forbiddens go away. That's not to say this is a solution; it seems like finer-grained access control might be the answer there. But in the meantime we know what it is and can kludge it if necessary. (Still marking as a draft to prevent accidental merge.)

I also changed a couple of things in the setup for local dev, but I can always do those in a separate PR.

@erikcameron erikcameron marked this pull request as draft August 13, 2025 19:26
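The conflation described in the comment above, shown as an added example rather than the project's own code: a server-less simulation of Express-style middleware where `ensureAuthenticatedConflated`, `ensureAuthenticated`, `requireAccess`, the route tables and the sample users are all constructed for illustration. The "before" middleware answers an authorization question inside the authentication check, so a freshly created user with `access: []` gets 403 everywhere; the "after" version answers only "who are you?" and leaves per-route access checks to a separate middleware.

```javascript
// Before: authentication and authorization in one middleware. A logged-in
// user whose access list is empty is rejected with 403 on every route,
// including logout and the user dashboard.
function ensureAuthenticatedConflated(req) {
  if (!req.user) return { status: 401 };
  if (!req.user.access || req.user.access.length === 0) return { status: 403 };
  return null; // allow
}

// After: authentication only. 401 when there is no user, nothing else.
function ensureAuthenticated(req) {
  return req.user ? null : { status: 401 };
}

// Authorization as a separate, per-route middleware factory.
function requireAccess(needed) {
  return (req) => {
    const access = (req.user && req.user.access) || [];
    return access.includes(needed) ? null : { status: 403 };
  };
}

// Run a middleware chain; the first non-null result is the response status.
function handle(chain, req) {
  for (const mw of chain) {
    const res = mw(req);
    if (res) return res.status;
  }
  return 200;
}

// Constructed sample users: a new user as the system creates it (no access)
// and one with an explicit permission.
const freshUser = { id: 1, access: [] };
const admin = { id: 2, access: ['admin'] };

// Constructed route tables for the two designs (hypothetical paths).
const routesBefore = {
  '/api/logout': [ensureAuthenticatedConflated],
  '/api/admin/users': [ensureAuthenticatedConflated],
};
const routesAfter = {
  '/api/logout': [ensureAuthenticated],
  '/api/admin/users': [ensureAuthenticated, requireAccess('admin')],
};

function statusFor(routes, path, user) {
  return handle(routes[path], { path, user });
}
```

With the split design, logout works for a new user with no access, while a route that genuinely needs a permission still returns 403 to that user.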