search

fossasia / open-event-server

The Open Event Organizer Server to Manage Events https://test-api.eventyay.com
https://api.eventyay.com
GNU General Public License v3.0
2.98k stars 1.89k forks source link

Admin no longer able to edit and save an event of another user #6776

Closed mariobehling closed 4 years ago

mariobehling commented 4 years ago

In the wizard step 1 the system admin is no longer able to edit and save the event, e.g. the way we kept spam from the start page manually was to set events to private in wizard step 1.

Screenshot from 2020-01-22 16-12-04

iamareebjamal commented 4 years ago

@kushthedude Why did this regression take place?

kushthedude commented 4 years ago

@iamareebjamal Admin can edit, There is some issue in making event private. I will take a look

kushthedude commented 4 years ago

@iamareebjamal This a server issue, When I try to make a event private using admin rights See the error :

INFO:werkzeug:127.0.0.1 - - [23/Jan/2020 16:12:09] "PATCH /v1/events/63fd0804 HTTP/1.1" 500 -
Traceback (most recent call last):
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/sentry_sdk/integrations/flask.py", line 70, in sentry_patched_wsgi_app
    environ, start_response
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/sentry_sdk/integrations/wsgi.py", line 120, in __call__
    reraise(*_capture_exception(hub))
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/sentry_sdk/_compat.py", line 57, in reraise
    raise value
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/sentry_sdk/integrations/wsgi.py", line 116, in __call__
    _sentry_start_response, start_response, span
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/sentry_sdk/integrations/flask.py", line 69, in <lambda>
    return SentryWsgiMiddleware(lambda *a, **kw: old_app(self, *a, **kw))(
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask/app.py", line 2463, in __call__
    return self.wsgi_app(environ, start_response)
  File "/Users/kush/open-event-server/app/instance.py", line 71, in __call__
    return self.app(environ, start_response)
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask/app.py", line 2449, in wsgi_app
    response = self.handle_exception(e)
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask_cors/extension.py", line 161, in wrapped_function
    return cors_after_request(app.make_response(f(*args, **kwargs)))
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask_cors/extension.py", line 161, in wrapped_function
    return cors_after_request(app.make_response(f(*args, **kwargs)))
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask/app.py", line 1866, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask/app.py", line 2446, in wsgi_app
    response = self.full_dispatch_request()
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask/app.py", line 1951, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask_cors/extension.py", line 161, in wrapped_function
    return cors_after_request(app.make_response(f(*args, **kwargs)))
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask_cors/extension.py", line 161, in wrapped_function
    return cors_after_request(app.make_response(f(*args, **kwargs)))
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask/app.py", line 1820, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask/app.py", line 1949, in full_dispatch_request
    rv = self.dispatch_request()
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask/app.py", line 1935, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/Users/kush/open-event-server/venv/src/flask-rest-jsonapi/flask_rest_jsonapi/api.py", line 133, in decorated
    return self.check_permissions(view, view_args, view_kwargs, *args, **kwargs)
  File "/Users/kush/open-event-server/app/api/helpers/permission_manager.py", line 488, in permission_manager
    return permissions[args[0]](view, view_args, view_kwargs, *args, **kwargs)
  File "/Users/kush/open-event-server/app/api/helpers/permissions.py", line 46, in decorator
    return fn(*args, **kwargs)
  File "/Users/kush/open-event-server/app/api/helpers/permission_manager.py", line 74, in is_coorganizer
    return view(*view_args, **view_kwargs)
  File "/Users/kush/open-event-server/venv/src/flask-rest-jsonapi/flask_rest_jsonapi/decorators.py", line 32, in wrapper
    return func(*args, **kwargs)
  File "/Users/kush/open-event-server/venv/lib/python3.7/site-packages/flask/views.py", line 89, in view
    return self.dispatch_request(*args, **kwargs)
  File "/Users/kush/open-event-server/venv/src/flask-rest-jsonapi/flask_rest_jsonapi/resource.py", line 68, in dispatch_request
    response = method(*args, **kwargs)
  File "/Users/kush/open-event-server/venv/src/flask-rest-jsonapi/flask_rest_jsonapi/decorators.py", line 56, in wrapper
    return func(*args, **kwargs)
  File "/Users/kush/open-event-server/venv/src/flask-rest-jsonapi/flask_rest_jsonapi/resource.py", line 310, in patch
    self._data_layer.update_object(obj, data, kwargs)
  File "/Users/kush/open-event-server/venv/src/flask-rest-jsonapi/flask_rest_jsonapi/data_layers/alchemy.py", line 133, in update_object
    self.apply_relationships(data, obj)
  File "/Users/kush/open-event-server/venv/src/flask-rest-jsonapi/flask_rest_jsonapi/data_layers/alchemy.py", line 407, in apply_relationships
    related_model = getattr(obj.__class__, key).property.mapper.class_
AttributeError: 'property' object has no attribute 'property'
iamareebjamal commented 4 years ago

Only for private? Other fields in PATCH are working?

kushthedude commented 4 years ago

Only for private? Other fields in PATCH are working?

Yes only for private, Other changes I made for name,location,license were working fine.

kushthedude commented 4 years ago

@iamareebjamal Is it due to the old version of the fork of JSON-Rest we are using ?

iamareebjamal commented 4 years ago

It didn't happen before, so no

kushthedude commented 4 years ago

@iamareebjamal The case is not for admin editing events, No one can create private events

codedsun commented 4 years ago

@kushthedude - The request from the frontend is 

{"data":{"attributes":{"name":"Testing","description":"Hey","starts-at":"2020-01-26T18:05:00.000Z","ends-at":"2020-04-01T11:30:41.280Z","timezone":"Asia/Calcutta","location-name":"Testing Singapore Lane Singapore Europe  Germany","searchable-location-name":"Singapore","longitude":0,"latitude":0,"logo-url":null,"original-image-url":null,"is-map-shown":true,"is-sponsors-enabled":false,"is-ticket-form-enabled":true,"is-sessions-speakers-enabled":false,"is-featured":false,"is-promoted":false,"is-billing-info-mandatory":false,"is-tax-enabled":false,"can-pay-by-paypal":false,"can-pay-by-paytm":false,"can-pay-by-stripe":false,"is-stripe-linked":false,"can-pay-by-cheque":false,"can-pay-by-bank":false,"can-pay-by-omise":false,"can-pay-by-alipay":false,"can-pay-onsite":false,"payment-country":null,"payment-currency":"USD","paypal-email":null,"cheque-details":null,"bank-details":null,"onsite-details":null,"schedule-published-on":"1970-01-01T00:00:00.000Z","has-owner-info":false,"owner-name":null,"owner-description":null,"external-event-url":null,"ticket-url":null,"code-of-conduct":null,"state":"published","privacy":"public","deleted-at":null},"relationships":{"event-type":{"data":{"type":"event-type","id":"15"}},"event-topic":{"data":{"type":"event-topic","id":"3"}},"event-sub-topic":{"data":{"type":"event-sub-topic","id":"46"}},"event-statistics-general":{"data":{"type":"event-statistics-general","id":"40"}},"user":{"data":{"type":"user","id":"2"}},"order-statistics":{"data":{"type":"order-statistics-event","id":"40"}},"owner":{"data":{"type":"user","id":"2"}},"organizers":{"data":[]},"coorganizers":{"data":[]},"track-organizers":{"data":[]},"registrars":{"data":[]},"moderators":{"data":[]}},"type":"event","id":"40"}}

The relationship here, the key param is wrong "order-statistics":{"data":{"type":"order-statistics-event","id":"40"}}

should be

"event-order-statistics": { "data": { "type": "order-statistics-event", "id": "40" } },

which means the key ~order-statistics~ renamed to event-order-statistics . It will work fine, please check

iamareebjamal commented 4 years ago

Why is frontend even sending order statistics? Makes no sense

And the relationship should be order-statistics only, not event-order-statistics

So, it is both a server issue and frontend issue. More severe issue on the frontend

codedsun commented 4 years ago

@iamareebjamal - The frontend is also sending event-general-statistics. This should also not be sent.

iamareebjamal commented 4 years ago

That is my point. It should not be sending any relationship

codedsun commented 4 years ago

@iamareebjamal - The relationship endpoint is '/events/<int:id>/relationships/order-statistics' oly. So not an issue on server

api.route(
    EventRelationship,
    'event_order_statistics',
    '/events/<int:id>/relationships/order-statistics',
    '/events/<identifier>/relationships/order-statistics',
)
iamareebjamal commented 4 years ago

Then the server should be able to expect 'order-statistics' and not fail like it is currently

codedsun commented 4 years ago

As per the discussion with @iamareebjamal sir. It's not a server issue.

Areeb: Then change the key in frontend. Nothing can be done on server for this for now

kushthedude commented 4 years ago

Open the issue on frontend with the problems discussed with @iamareebjamal .

On Mon, 27 Jan, 2020, 02:18 Suneet Srivastava, notifications@github.com wrote:

As per the discussion with @iamareebjamal https://github.com/iamareebjamal sir. It's not a server issue.

Areeb: Then change the key in frontend. Nothing can be done on server for this for now

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/fossasia/open-event-server/issues/6776?email_source=notifications&email_token=AKQMTLRPB7TE7RQ4OTNJPPLQ7XZIDA5CNFSM4KKULWUKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEJ55QHY#issuecomment-578541599, or unsubscribe https://github.com/notifications/unsubscribe-auth/AKQMTLU2XRGTH627D34FFF3Q7XZIDANCNFSM4KKULWUA .