Open hcientist opened 1 year ago
Is there a way to (should we implement) guard against reaching an api view without the prereqs?
I'm not entirely sure how this happened, perhaps the person logged out in a different tab or something?
Internal Server Error: /api/courses/esm-test-september-2022/assignments/339/ AttributeError at /api/courses/esm-test-september-2022/assignments/339/ 'AnonymousUser' object has no attribute 'enrollment_set' Request Method: GET Request URL: https://urldefense.proofpoint.com/v2/url?u=https-3A__dev-2Dapi.musiccpr.org_api_courses_esm-2Dtest-2Dseptember-2D2022_assignments_339_&d=DwIFaQ&c=eLbWYnpnzycBCgmb7vCI4uqNEB9RSjOdn_5nBEmmeq0&r=rrC3cfqvgBRASm9KpaFU7YZ-QoJM8uRBU44WMDnq2Ro&m=5MQipzdN53ctEjBF8_n6Ki3SasKEp-yczbVuLYgebwgUVqqpiUn7WzRY8NikqvuE&s=kLWMR9wHi50wvaQ9ETc5lR88ALuYCa7wa3z0oF1EU_c&e= Django Version: 3.2.11 Python Executable: /home/ec2-user/venv-dev/bin/python3 Python Version: 3.7.10 Python Path: ['/home/ec2-user/venv-dev/bin', '/home/ec2-user/dev-versions/live', '/home/ec2-user/dev-versions/v0.2.2', '/usr/lib64/python37.zip', '/usr/lib64/python3.7', '/usr/lib64/python3.7/lib-dynload', '/home/ec2-user/venv-dev/lib64/python3.7/site-packages', '/home/ec2-user/venv-dev/lib/python3.7/site-packages', '/home/ec2-user/dev-versions/v0.2.2/teleband'] Server time: Fri, 07 Oct 2022 21:00:27 -0400 Installed Applications: ['collectfast', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.sites', 'django.contrib.messages', 'django.contrib.staticfiles', 'django.contrib.admin', 'django.forms', 'crispy_forms', 'crispy_bootstrap5', 'allauth', 'allauth.account', 'allauth.socialaccount', 'rest_framework', 'rest_framework.authtoken', 'corsheaders', 'reversion', 'invitations', 'drf_spectacular', 'teleband.users', 'teleband.assignments', 'teleband.courses', 'teleband.instruments', 'teleband.musics', 'teleband.submissions', 'storages', 'anymail'] Installed Middleware: ['django.middleware.security.SecurityMiddleware', 'corsheaders.middleware.CorsMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.locale.LocaleMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.common.BrokenLinkEmailsMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'reversion.middleware.RevisionMiddleware'] Traceback (most recent call last): File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/asgiref/sync.py", line 472, in thread_handler raise exc_info[1] File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/django/core/handlers/exception.py", line 38, in inner response = await get_response(request) File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/django/core/handlers/base.py", line 233, in _get_response_async response = await wrapped_callback(request, *callback_args, **callback_kwargs) File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/asgiref/sync.py", line 435, in __call__ ret = await asyncio.wait_for(future, timeout=None) File "/usr/lib64/python3.7/asyncio/tasks.py", line 414, in wait_for return await fut File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/asgiref/current_thread_executor.py", line 22, in run result = self.fn(*self.args, **self.kwargs) File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/asgiref/sync.py", line 476, in thread_handler return func(*args, **kwargs) File "/usr/lib64/python3.7/contextlib.py", line 74, in inner return func(*args, **kwds) File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view return view_func(*args, **kwargs) File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/rest_framework/viewsets.py", line 125, in view return self.dispatch(request, *args, **kwargs) File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/rest_framework/views.py", line 509, in dispatch response = self.handle_exception(exc) File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/rest_framework/views.py", line 469, in handle_exception self.raise_uncaught_exception(exc) File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception raise exc File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/rest_framework/views.py", line 506, in dispatch response = handler(request, *args, **kwargs) File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/rest_framework/mixins.py", line 54, in retrieve instance = self.get_object() File "/home/ec2-user/venv-dev/lib64/python3.7/site-packages/rest_framework/generics.py", line 83, in get_object queryset = self.filter_queryset(self.get_queryset()) File "/home/ec2-user/dev-versions/live/teleband/assignments/api/views.py", line 69, in get_queryset role = self.request.user.enrollment_set.get(course=course).role Exception Type: AttributeError at /api/courses/esm-test-september-2022/assignments/339/ Exception Value: 'AnonymousUser' object has no attribute 'enrollment_set' Request information: USER: AnonymousUser
Either this viewset or the global default permission classes should include IsAuthenticated https://www.django-rest-framework.org/api-guide/permissions/
Is there a way to (should we implement) guard against reaching an api view without the prereqs?
I'm not entirely sure how this happened, perhaps the person logged out in a different tab or something?