search

ckan / ckanext-harvest

Remote harvesting extension for CKAN
130 stars 203 forks source link

harvest actions NotAuthorized #126

Open eradan opened 9 years ago

eradan commented 9 years ago

Hello,

I installed the ckan-harvest plugin, stable branch.

Any command from CLI returns this error:

paster --plugin=ckanext-harvest harvester run --config=/etc/ckan/default/production.ini
2015-02-05 13:09:05,765 DEBUG [ckanext.harvest.model] Harvest tables defined in memory
2015-02-05 13:09:05,767 DEBUG [ckanext.harvest.model] Harvest tables already exist

2015-02-05 13:09:05,807 INFO  [ckanext.harvest.logic.action.update]
Harvest job run: {}
Traceback (most recent call last):
  File "/usr/lib/ckan/default/bin/paster", line 9, in <module>
    load_entry_point('PasteScript==1.7.5', 'console_scripts', 'paster')()
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/paste/script/command.py",
line 104, in run
    invoke(command, command_name, options, args[1:])
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/paste/script/command.py",
line 143, in invoke
    exit_code = runner.run(args)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/paste/script/command.py",
line 238, in run
    result = self.command()
  File "/usr/lib/ckan/default/src/ckanext-harvest/ckanext/harvest/commands/harvester.py",
line 122, in command
    self.run_harvester()
  File "/usr/lib/ckan/default/src/ckanext-harvest/ckanext/harvest/commands/harvester.py",
line 287, in run_harvester
    jobs = get_action('harvest_jobs_run')(context,{})
  File "/usr/lib/ckan/default/src/ckan/ckan/logic/__init__.py", line
421, in wrapped
    result = _action(context, data_dict, **kw)
  File "/usr/lib/ckan/default/src/ckanext-harvest/ckanext/harvest/logic/action/update.py",
line 292, in harvest_jobs_run
    check_access('harvest_jobs_run',context,data_dict)
  File "/usr/lib/ckan/default/src/ckan/ckan/logic/__init__.py", line
292, in check_access
    raise NotAuthorized(msg)
ckan.logic.NotAuthorized

The error occurs even when I ask for the source list, not only on the "run" command.

I debbuged the code. The user that is being retrievied from the get_site_user method is "default", which is a CKAN sysadm user.

mattfullerton commented 9 years ago

Also having this issue, but only because I deleted the default user...

mattfullerton commented 9 years ago

@eradan Was this on a fresh CKAN install? Despite restoring my default user, and despite setting a different 'ckan_site_user' in the config (not even sure that's intended/desired/supported), I'm still having the same problem.

mattfullerton commented 9 years ago

I seem to have solved my issue, I'm not entirely sure how, but mainly by not trying to create new organizations in my harvester has solved it for now

davidread commented 8 years ago

This issue is 6 months old and no response from the OP, so closing.

mattfullerton commented 7 years ago

Can you reopen? Having this problem again - upgrading CKAN to 2.6 and latest ckanext-harvest makes no difference. I'm clueless...

davidread commented 7 years ago

So the site user exists and is a sysadmin - good. So at what point is it getting rejected inside the check_access method?

amercader commented 7 years ago

@mattfullerton is this still an issue?

mattfullerton commented 7 years ago

Very much so, wanted to get back to this and follow up with @davidread

piersoft commented 7 years ago

news ?

davidread commented 7 years ago

@piersoft are you suffering this too? If so, at what point is it getting rejected inside the check_access method?

piersoft commented 7 years ago

yes.

now it works with:

if not logic_authorization['success']:

        msg = logic_authorization.get('msg', '')

      *  ##raise NotAuthorized(msg)*

if not context.get('auth_user_obj'): raise NotAuthorized(msg)

into /usr/lib/ckan/default/src/ckan/ckan/logic/init.py

2017-04-04 10:45 GMT+02:00 David Read notifications@github.com:

@piersoft https://github.com/piersoft are you suffering this too? If so, at what point is it getting rejected inside the check_access method?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ckan/ckanext-harvest/issues/126#issuecomment-291433911, or mute the thread https://github.com/notifications/unsubscribe-auth/AFzRuv0tUSuW0FivX451DR03aDO4JkXNks5rsgMbgaJpZM4DcJl4 .

davidread commented 7 years ago

Ok, great, now dig into why it is not authorized - this is occurs a couple of lines before in the call to authz.is_authorized. Either there is something in is_authorized itself or when it calls the auth_function itself which is: https://github.com/ckan/ckanext-harvest/blob/3836fcfd658cb680524e612bf517bad2509f999c/ckanext/harvest/logic/auth/update.py#L61

mattfullerton commented 6 years ago

I found my problem... the "default" user had state "deleted".

@piersoft @eradan Did you ever get this problem solved for yourselves? In the CKAN DB you can do this to check on the user: ckan_default=# select * from "user" where name='default';

And I fixed it like this: ckan_default=# update "user" set state='active' where name='default';

hammadhasandogar commented 5 years ago

@mattfullerton 's answer is correct, but user name might be different if you have changed the site_id in the configuration file. site_id value is your default user name. ckan_default=# update "user" set state='active' where name='default';

check your site_id value if default doesn't work