search

Keleo / kimai2-grandtotal

A plugin to import timesheet data from Kimai in GrandTotal
Other
1 stars 4 forks source link

Can't connect #4

Closed Cheatha closed 3 years ago

Cheatha commented 3 years ago

Server: Lastest official Docker release from https://github.com/tobybatch/kimai2 via docker-compose.yml Grandtotal: Version 6.1.9.6 macOS: 10.15.6

After downloading the plug-in via GrandTotal I tried to connect to my Kimai instance. After entering the credentials there is this error: Line 129: TypeError: undefined is not a function (near '...user of apiUsers...')

On the Server side this error is thrown: NOTICE: PHP message: [2020-09-21 15:26:57] request.ERROR: Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: "Access denied." at /opt/kimai/vendor/symfony/security-http/Firewall/ExceptionListener.php line 137 {"exception":"[object] (Symfony\\Component\\HttpKernel\\Exception\\AccessDeniedHttpException(code: 0): Access denied. at /opt/kimai/vendor/symfony/security-http/Firewall/ExceptionListener.php:137, Symfony\\Component\\Security\\Core\\Exception\\AccessDeniedException(code: 403): Access denied. at /opt/kimai/vendor/sensio/framework-extra-bundle/src/EventListener/SecurityListener.php:78)"} []

This happens on two different Macs and also when I try to connect to demo.kimai.org

kevinpapst commented 3 years ago

I will have a look at the wrong error handling.

Did you use the API password or the Kimai password?

Cheatha commented 3 years ago

Thanks! I used the API password

kevinpapst commented 3 years ago

Grandtotal: Version 6.1.9.4 macOS: 10.15.6

Try susan_super and api_kitten with https://demo.kimai.org. This works for me here.

Cheatha commented 3 years ago

I've added the system-admin role to my user and it works now. So you need system-admin permissions to use this API call? That's a pity, because I can't grant everyone the system-admin permissions and I can't seperate between different teams. Thanks for your support, looks like I have to create one Kimai-Instance per team…

kevinpapst commented 3 years ago

I guess it is the view_user permission that is needed, as the initial error near '...user of apiUsers...' indicates that the list of users could not be fetched.

If you want to filter for teams, you could add more configuration settings for the plugin here: https://github.com/Keleo/kimai2-grandtotal/blob/master/Kimai2.grandtotalplugin/Info.plist#L27

And you can adjust the timesheet query here:
https://github.com/Keleo/kimai2-grandtotal/blob/master/Kimai2.grandtotalplugin/index.js#L137

Just in case you want to :

Collaborate, contribute, iterate, improve

Anly a quote from a random website 😁

Cheatha commented 3 years ago

Thanks for the suggestions! But if I understand correctly this means the grandtotal user still needs to have the system-admin privilege, I would only filter the view on the clients side. Maybe that's not the ideal solution, but I understand that's all the plugin can handle. I'm no developer so I can't help much, but I added some more explanation and sent a pull request.

kevinpapst commented 3 years ago

It sounds as if you haven't explored the Kimai permission system yet. Am I right?

Let me briefly explain: every user-role is a set of permissions. The existing roles are just there for convenience and each role includes a pre-configured list of permissions.

The user does not have to have the System-Admin role (which includes the view_user permission), he just needs to have the the view_user permission itself.

You could create a new user-role "Grandtotal" and only add the one view_user permission to that role. Now assign that new role to every user that is allowed to use GrandTotal.

Or you simply assign the view_user permission to the "normal user" role. Read more about the permission system here: https://www.kimai.org/documentation/permissions.html You can access it from the user administration (listing) page.

This permission is required, because the timesheets are not filtered by the user itself, but currently the timesheets for all users are fetched. And these timesheets should display the real username in Grandtotal. For that I need the plugin needs to load the user list. That is not perfect and needs to be changed in Kimai itself, but well ... currently it is necessary ^^

Cheatha commented 3 years ago

Wow, no, I've totally missed that! Sorry, trying the plugin was almost the first thing to do because that's most important to me. The permission system looks great and your explanation helped me a lot. After creating this new user-role everything works fine. Thank you!