search

OurchiveIO / ourchive

An easily installable fiction, audio, and image archive package.
GNU General Public License v3.0
7 stars 6 forks source link

Errors for users without upload privileges #135

Closed bellisk closed 2 weeks ago

bellisk commented 3 months ago

Describe the bug As a user who is not allowed to upload images/audio/files/video, I get errors when trying to:

To Reproduce

  1. Create a user on an Ourchive instance where the setting Auto-Allow Upload is False
  2. The user will not be allowed to upload images, audio, export files, or video
  3. Go to a work posted by another user that has comments on it
  4. At the bottom of the page, click to show/hide the comments (where it says "3 comment(s)" or similar). The blank space underneath will expand, but no comments will be displayed.
  5. Fill out the comment box and click "Post Comment"
  6. An error message will appear and the comment will not be created
  7. Finally, go to https://example.org/works/new and create a new work
  8. Click "Submit"
  9. An error message will appear and the work will not be created

Expected behavior Users without upload privileges should be able to read comments, leave comments, and create new works.

Screenshots Non-displayed comments: Screenshot 2024-04-19 at 23-14-36 Work - Test Fic

Error when trying to leave comment: Screenshot from 2024-04-19 23-15-22

Error when trying to create work: Screenshot from 2024-04-19 23-27-35

Desktop (please complete the following information):

Hosting Digital Ocean droplet running Ubuntu 22.04.c

Additional context Full log, when a user without upload privileges tries to view comments on a work and post their own comment:

urllib3.connectionpool DEBUG 2024-04-19 18:35:14,257 connectionpool 14728 139836487710208 Starting new HTTP connection (1): example.org:80
urllib3.connectionpool DEBUG 2024-04-19 18:35:14,261 connectionpool 14728 139836487710208 http://example.org:80 "POST /api/chaptercomments/ HTTP/1.1" 308 180
urllib3.connectionpool DEBUG 2024-04-19 18:35:14,263 connectionpool 14728 139836487710208 Starting new HTTPS connection (1): example.org:443
api.custom_exception_handler WARNING 2024-04-19 18:35:14,359 custom_exception_handler 14730 139836412335648 'dict' object has no attribute 'remove'
django.request ERROR 2024-04-19 18:35:14,497 log 14730 139836412335648 Internal Server Error: /api/chaptercomments/
Traceback (most recent call last):
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/django/core/handlers/exception.py", line 55, in inner
    response = get_response(request)
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/django/core/handlers/base.py", line 197, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/django/views/decorators/csrf.py", line 65, in _view_wrapper
    return view_func(request, *args, **kwargs)
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/django/views/generic/base.py", line 104, in view
    return self.dispatch(request, *args, **kwargs)
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/rest_framework/views.py", line 509, in dispatch
    response = self.handle_exception(exc)
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/rest_framework/views.py", line 469, in handle_exception
    self.raise_uncaught_exception(exc)
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception
    raise exc
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/rest_framework/views.py", line 506, in dispatch
    response = handler(request, *args, **kwargs)
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/rest_framework/generics.py", line 246, in post
    return self.create(request, *args, **kwargs)
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/rest_framework/mixins.py", line 19, in create
    self.perform_create(serializer)
  File "/home/ourchive/ourchive/ourchive_app/api/views.py", line 1121, in perform_create
    serializer.save(user=self.request.user, offset=offset, comment_thread=self.request.data.get('comment_thread', None), comment_count=self.request.data.get('comment_count', None))
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/rest_framework/serializers.py", line 208, in save
    self.instance = self.create(validated_data)
  File "/home/ourchive/ourchive/ourchive_app/api/serializers.py", line 438, in create
    validated_data['text'] = clean_text(validated_data['text'], self.context['request'].user) if validated_data['text'] is not None else ''
  File "/home/ourchive/ourchive/ourchive_app/api/utils.py", line 49, in clean_text
    attributes.remove('video')
AttributeError: 'dict' object has no attribute 'remove'
urllib3.connectionpool DEBUG 2024-04-19 18:35:14,501 connectionpool 14728 139836487710208 https://example.org:443 "POST /api/chaptercomments/ HTTP/1.1" 500 116094
urllib3.connectionpool DEBUG 2024-04-19 18:35:14,647 connectionpool 14729 139836487424320 Starting new HTTP connection (1): example.org:80
urllib3.connectionpool DEBUG 2024-04-19 18:35:14,650 connectionpool 14729 139836487424320 http://example.org:80 "GET /api/worktypes?Work%20Type HTTP/1.1" 308 180
urllib3.connectionpool DEBUG 2024-04-19 18:35:14,652 connectionpool 14729 139836487424320 Starting new HTTPS connection (1): example.org:443
urllib3.connectionpool DEBUG 2024-04-19 18:35:14,735 connectionpool 14729 139836487424320 https://example.org:443 "GET /api/worktypes?Work%20Type HTTP/1.1" 301 None
urllib3.connectionpool DEBUG 2024-04-19 18:35:14,767 connectionpool 14729 139836487424320 https://example.org:443 "GET /api/worktypes/?Work%20Type HTTP/1.1" 200 527
urllib3.connectionpool DEBUG 2024-04-19 18:35:14,770 connectionpool 14729 139836487424320 Starting new HTTP connection (1): example.org:80
urllib3.connectionpool DEBUG 2024-04-19 18:35:14,776 connectionpool 14729 139836487424320 http://example.org:80 "GET /api/works/1/?Work HTTP/1.1" 308 180
urllib3.connectionpool DEBUG 2024-04-19 18:35:14,778 connectionpool 14729 139836487424320 Starting new HTTPS connection (1): example.org:443
urllib3.connectionpool DEBUG 2024-04-19 18:35:14,881 connectionpool 14729 139836487424320 https://example.org:443 "GET /api/works/1/?Work HTTP/1.1" 200 1408
urllib3.connectionpool DEBUG 2024-04-19 18:35:14,885 connectionpool 14729 139836487424320 Starting new HTTP connection (1): example.org:80
urllib3.connectionpool DEBUG 2024-04-19 18:35:14,892 connectionpool 14729 139836487424320 http://example.org:80 "GET /api/works/1/chapters?limit=1&Chapter HTTP/1.1" 308 180
urllib3.connectionpool DEBUG 2024-04-19 18:35:14,894 connectionpool 14729 139836487424320 Starting new HTTPS connection (1): example.org:443
urllib3.connectionpool DEBUG 2024-04-19 18:35:14,970 connectionpool 14729 139836487424320 https://example.org:443 "GET /api/works/1/chapters?limit=1&Chapter HTTP/1.1" 301 None
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,011 connectionpool 14729 139836487424320 https://example.org:443 "GET /api/works/1/chapters/?limit=1&Chapter HTTP/1.1" 200 790
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,014 connectionpool 14729 139836487424320 Starting new HTTP connection (1): example.org:80
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,021 connectionpool 14729 139836487424320 http://example.org:80 "GET /api/chapters/1/comments?limit=10&offset=0&Chapter%20Comments HTTP/1.1" 308 180
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,023 connectionpool 14729 139836487424320 Starting new HTTPS connection (1): example.org:443
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,101 connectionpool 14729 139836487424320 https://example.org:443 "GET /api/chapters/1/comments?limit=10&offset=0&Chapter%20Comments HTTP/1.1" 301 None
api.custom_exception_handler WARNING 2024-04-19 18:35:15,141 custom_exception_handler 14728 139836487710208 'dict' object has no attribute 'remove'
django.request ERROR 2024-04-19 18:35:15,186 log 14728 139836487710208 Internal Server Error: /api/chapters/1/comments/
Traceback (most recent call last):
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/django/core/handlers/exception.py", line 55, in inner
    response = get_response(request)
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/django/core/handlers/base.py", line 197, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/django/views/decorators/csrf.py", line 65, in _view_wrapper
    return view_func(request, *args, **kwargs)
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/django/views/generic/base.py", line 104, in view
    return self.dispatch(request, *args, **kwargs)
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/rest_framework/views.py", line 509, in dispatch
    response = self.handle_exception(exc)
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/rest_framework/views.py", line 469, in handle_exception
    self.raise_uncaught_exception(exc)
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception
    raise exc
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/rest_framework/views.py", line 506, in dispatch
    response = handler(request, *args, **kwargs)
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/rest_framework/generics.py", line 243, in get
    return self.list(request, *args, **kwargs)
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/rest_framework/mixins.py", line 43, in list
    return self.get_paginated_response(serializer.data)
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/rest_framework/serializers.py", line 795, in data
    ret = super().data
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/rest_framework/serializers.py", line 249, in data
    self._data = self.to_representation(self.instance)
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/rest_framework/serializers.py", line 713, in to_representation
    return [
  File "/home/ourchive/ourchive/virtualenv/lib/python3.10/site-packages/rest_framework/serializers.py", line 714, in <listcomp>
    self.child.to_representation(item) for item in iterable
  File "/home/ourchive/ourchive/ourchive_app/api/serializers.py", line 465, in to_representation
    ret['text'] = clean_text(ret['text'], self.context['request'].user) if ret['text'] is not None else ''
  File "/home/ourchive/ourchive/ourchive_app/api/utils.py", line 49, in clean_text
    attributes.remove('video')
AttributeError: 'dict' object has no attribute 'remove'
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,190 connectionpool 14729 139836487424320 https://example.org:443 "GET /api/chapters/1/comments/?limit=10&offset=0&Chapter%20Comments HTTP/1.1" 500 126809
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,193 connectionpool 14729 139836487424320 Starting new HTTP connection (1): example.org:80
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,201 connectionpool 14729 139836487424320 http://example.org:80 "GET /api/users/katzenfabrik/bookmarkcollections?Collections HTTP/1.1" 308 180
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,203 connectionpool 14729 139836487424320 Starting new HTTPS connection (1): example.org:443
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,286 connectionpool 14729 139836487424320 https://example.org:443 "GET /api/users/katzenfabrik/bookmarkcollections?Collections HTTP/1.1" 200 102
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,290 connectionpool 14729 139836487424320 Starting new HTTP connection (1): example.org:80
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,297 connectionpool 14729 139836487424320 http://example.org:80 "GET /api/users/3/ HTTP/1.1" 308 180
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,299 connectionpool 14729 139836487424320 Starting new HTTPS connection (1): example.org:443
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,394 connectionpool 14729 139836487424320 https://example.org:443 "GET /api/users/3/ HTTP/1.1" 200 654
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,398 connectionpool 14729 139836487424320 Starting new HTTP connection (1): example.org:80
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,405 connectionpool 14729 139836487424320 http://example.org:80 "GET /api/contentpages/ HTTP/1.1" 308 180
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,406 connectionpool 14729 139836487424320 Starting new HTTPS connection (1): example.org:443
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,490 connectionpool 14729 139836487424320 https://example.org:443 "GET /api/contentpages/ HTTP/1.1" 200 102
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,494 connectionpool 14729 139836487424320 Starting new HTTP connection (1): example.org:80
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,500 connectionpool 14729 139836487424320 http://example.org:80 "GET /api/settings HTTP/1.1" 308 180
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,502 connectionpool 14729 139836487424320 Starting new HTTPS connection (1): example.org:443
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,575 connectionpool 14729 139836487424320 https://example.org:443 "GET /api/settings HTTP/1.1" 301 None
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,608 connectionpool 14729 139836487424320 https://example.org:443 "GET /api/settings/ HTTP/1.1" 200 2039
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,610 connectionpool 14729 139836487424320 Starting new HTTP connection (1): example.org:80
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,616 connectionpool 14729 139836487424320 http://example.org:80 "GET /api/adminannouncements/active HTTP/1.1" 308 180
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,618 connectionpool 14729 139836487424320 Starting new HTTPS connection (1): example.org:443
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,690 connectionpool 14729 139836487424320 https://example.org:443 "GET /api/adminannouncements/active HTTP/1.1" 301 None
urllib3.connectionpool DEBUG 2024-04-19 18:35:15,722 connectionpool 14729 139836487424320 https://example.org:443 "GET /api/adminannouncements/active/ HTTP/1.1" 200 52
c-e-p commented 3 months ago

@bellisk Straightforward bug, queued for a fix. Thank you!