search

denshoproject / namesdb-editor

Other
0 stars 0 forks source link

Cannot view FarRecord, WraRecord pages as a read-only user #52

Open GeoffFroh opened 2 months ago

GeoffFroh commented 2 months ago

To facilitate read-only access to the NR database app, a "Read Only" group was created in the admin ui. Users who are part of the "Read Only" group were given view permissions on all of the relevant content types (e.g., People, Irei Records, WRA Records, FAR Records, etc.).

Users in the group are able to view list pages for all of the content types as expected; however, attempting to view a FAR Record or WRA Record detail page fails with a KeyError. (see stacktrace below).

Turning on "change" permissions for FAR Record and WRA Record fixes the error, and this behavior does not occur with the Irei Record content type. 

Environment:

Request Method: GET
Request URL: https://namesstage.densho.org/admin/names/wrarecord/57323/change/

Django Version: 4.1.13
Python Version: 3.9.2
Installed Applications:
['django.contrib.admin',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'bootstrap_pagination',
 'drf_yasg',
 'rest_framework',
 'editor',
 'names',
 'namesdb_public',
 'ireizo_public']
Installed Middleware:
['django.middleware.security.SecurityMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware']

Traceback (most recent call last):
  File "/opt/namesdb-editor/venv/names/lib/python3.9/site-packages/django/core/handlers/exception.py", line 56, in inner
    response = get_response(request)
  File "/opt/namesdb-editor/venv/names/lib/python3.9/site-packages/django/core/handlers/base.py", line 197, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/opt/namesdb-editor/venv/names/lib/python3.9/site-packages/django/contrib/admin/options.py", line 686, in wrapper
    return self.admin_site.admin_view(view)(*args, **kwargs)
  File "/opt/namesdb-editor/venv/names/lib/python3.9/site-packages/django/utils/decorators.py", line 134, in _wrapped_view
    response = view_func(request, *args, **kwargs)
  File "/opt/namesdb-editor/venv/names/lib/python3.9/site-packages/django/views/decorators/cache.py", line 62, in _wrapped_view_func
    response = view_func(request, *args, **kwargs)
  File "/opt/namesdb-editor/venv/names/lib/python3.9/site-packages/django/contrib/admin/sites.py", line 242, in inner
    return view(request, *args, **kwargs)
  File "/opt/namesdb-editor/venv/names/lib/python3.9/site-packages/django/contrib/admin/options.py", line 1894, in change_view
    return self.changeform_view(request, object_id, form_url, extra_context)
  File "/opt/namesdb-editor/venv/names/lib/python3.9/site-packages/django/utils/decorators.py", line 46, in _wrapper
    return bound_method(*args, **kwargs)
  File "/opt/namesdb-editor/venv/names/lib/python3.9/site-packages/django/utils/decorators.py", line 134, in _wrapped_view
    response = view_func(request, *args, **kwargs)
  File "/opt/namesdb-editor/venv/names/lib/python3.9/site-packages/django/contrib/admin/options.py", line 1751, in changeform_view
    return self._changeform_view(request, object_id, form_url, extra_context)
  File "/opt/namesdb-editor/venv/names/lib/python3.9/site-packages/django/contrib/admin/options.py", line 1824, in _changeform_view
    form = ModelForm(instance=obj)
  File "/opt/namesdb-editor/src/names/admin.py", line 264, in __init__
    self.fields['person'].help_text = f'&#8618; <a href="{url}">{name}</a>'

Exception Type: KeyError at /admin/names/wrarecord/57323/change/
Exception Value: 'person'
gjost commented 2 months ago

Downloaded database from server in colo and installed locally. I was able to duplicate the behavior in my dev environment.

gjost commented 2 months ago

Fixed in commit 01e604e.

Problem was a bit of code that, on FarRecord and WraRecord pages, inserted a link to Person in the person field helptext. Added code to not crash if this field is absent. Page now works and namesstage.densho.org has been updated. The Person link also continues to work even though it "shouldn't". ¯_(ツ)_/¯