graylog-labs / graylog2-web-interface

[DEPRECATED]
https://www.graylog.org/

"Not authorized to access resource id" when message is routed to 2 streams, one with, one without access #1623

Closed SjonHortensius closed 9 years ago

SjonHortensius commented 9 years ago

I have a few streams that contain the same message. One of these streams is a subset of the other, and I have given others read-access to that stream.

It seems that since upgrading to 1.2.1 this no longer works; although users see the messages in the stream, attempting to view the details of that message throws:

Oh no, something went wrong!
(You caused a org.graylog2.restclient.lib.APIException. API call failed GET http://xxx/messages/graylog2_2/49713841-66a2-11e5-9112-00163e07bc62 returned 403 Forbidden body: {"type":"ApiError","message":"Not authorized to access resource id 49713841-66a2-11e5-9112-00163e07bc62"})

Reason: Could not get message. We expected HTTP 200, but got a HTTP 403.

Need help?
Do not hesitate to consult the Graylog community if your questions are not answered in the documentation (http://docs.graylog.org/en/1.2).
   Forum / Mailing list (https://www.graylog.org/community-support/)
   Issue tracker (https://github.com/Graylog2/graylog2-web-interface/issues)
   Commercial support (https://www.graylog.com/support/)
Stacktrace
  org.graylog2.restclient.lib.ApiClientImpl$ApiRequestBuilder#handleResponse (ApiClientImpl.java:511)
  org.graylog2.restclient.lib.ApiClientImpl$ApiRequestBuilder#execute (ApiClientImpl.java:441)
  org.graylog2.restclient.models.MessagesService#getMessage (MessagesService.java:105)
  controllers.SearchController#showMessage (SearchController.java:505)
  Routes$$anonfun$routes$1$$anonfun$applyOrElse$9$$anonfun$apply$461#apply (routes_routing.scala:1661)
  Routes$$anonfun$routes$1$$anonfun$applyOrElse$9$$anonfun$apply$461#apply (routes_routing.scala:1661)
  play.core.Router$HandlerInvokerFactory$$anon$4#resultCall (Router.scala:264)
  play.core.Router$HandlerInvokerFactory$JavaActionInvokerFactory$$anon$15$$anon$1#invocation (Router.scala:255)
  play.core.j.JavaAction$$anon$1#call (JavaAction.scala:55)
  play.GlobalSettings$1#call (GlobalSettings.java:67)
  play.mvc.Security$AuthenticatedAction#call (Security.java:44)
  play.core.j.JavaAction$$anonfun$11#apply (JavaAction.scala:82)
  play.core.j.JavaAction$$anonfun$11#apply (JavaAction.scala:82)
  scala.concurrent.impl.Future$PromiseCompletingRunnable#liftedTree1$1 (Future.scala:24)
  scala.concurrent.impl.Future$PromiseCompletingRunnable#run (Future.scala:24)
  play.core.j.HttpExecutionContext$$anon$2#run (HttpExecutionContext.scala:40)
  play.api.libs.iteratee.Execution$trampoline$#execute (Execution.scala:46)
  play.core.j.HttpExecutionContext#execute (HttpExecutionContext.scala:32)
  scala.concurrent.impl.Future$#apply (Future.scala:31)
  scala.concurrent.Future$#apply (Future.scala:485)
  play.core.j.JavaAction$class#apply (JavaAction.scala:82)
  play.core.Router$HandlerInvokerFactory$JavaActionInvokerFactory$$anon$15$$anon$1#apply (Router.scala:252)
  play.api.mvc.Action$$anonfun$apply$1$$anonfun$apply$4$$anonfun$apply$5#apply (Action.scala:130)
  play.api.mvc.Action$$anonfun$apply$1$$anonfun$apply$4$$anonfun$apply$5#apply (Action.scala:130)
  play.utils.Threads$#withContextClassLoader (Threads.scala:21)
  play.api.mvc.Action$$anonfun$apply$1$$anonfun$apply$4#apply (Action.scala:129)
  play.api.mvc.Action$$anonfun$apply$1$$anonfun$apply$4#apply (Action.scala:128)
  scala.Option#map (Option.scala:145)
  play.api.mvc.Action$$anonfun$apply$1#apply (Action.scala:128)
  play.api.mvc.Action$$anonfun$apply$1#apply (Action.scala:121)
  play.api.libs.iteratee.Iteratee$$anonfun$mapM$1#apply (Iteratee.scala:483)
  play.api.libs.iteratee.Iteratee$$anonfun$mapM$1#apply (Iteratee.scala:483)
  play.api.libs.iteratee.Iteratee$$anonfun$flatMapM$1#apply (Iteratee.scala:519)
  play.api.libs.iteratee.Iteratee$$anonfun$flatMapM$1#apply (Iteratee.scala:519)
  play.api.libs.iteratee.Iteratee$$anonfun$flatMap$1$$anonfun$apply$14#apply (Iteratee.scala:496)
  play.api.libs.iteratee.Iteratee$$anonfun$flatMap$1$$anonfun$apply$14#apply (Iteratee.scala:496)
  scala.concurrent.impl.Future$PromiseCompletingRunnable#liftedTree1$1 (Future.scala:24)
  scala.concurrent.impl.Future$PromiseCompletingRunnable#run (Future.scala:24)
  akka.dispatch.TaskInvocation#run (AbstractDispatcher.scala:41)
  akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask#exec (AbstractDispatcher.scala:393)
  scala.concurrent.forkjoin.ForkJoinTask#doExec (ForkJoinTask.java:260)
  scala.concurrent.forkjoin.ForkJoinPool$WorkQueue#runTask (ForkJoinPool.java:1339)
  scala.concurrent.forkjoin.ForkJoinPool#runWorker (ForkJoinPool.java:1979)
  scala.concurrent.forkjoin.ForkJoinWorkerThread#run (ForkJoinWorkerThread.java:107)

SjonHortensius commented 9 years ago

Fixed by removing one of the streams and granting 'Reader' role to the user, whatever that means
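
The thread does not state the root cause, so the following is an added example (not code from this issue or from Graylog) that models the reported symptom: a stream listing shows a message, but the per-message lookup returns 403 because it demands read access on every stream the message was routed to. The permission strings, function names and sample IDs are assumptions made for illustration.

```python
# Added illustration: a minimal authorization model, not Graylog's implementation.
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    id: str
    stream_ids: frozenset  # every stream the message was routed to

def has_stream_read(permissions, stream_id):
    """True if a permission set grants read on stream_id (string format is assumed)."""
    granting = ("*", "streams:*", "streams:read", f"streams:read:{stream_id}")
    return any(p in granting for p in permissions)

def allowed_all_streams(permissions, msg):
    """Strict policy: caller must be able to read every stream holding the message."""
    return bool(msg.stream_ids) and all(
        has_stream_read(permissions, s) for s in msg.stream_ids)

def allowed_any_stream(permissions, msg):
    """Lenient policy: read access to one containing stream is enough."""
    return any(has_stream_read(permissions, s) for s in msg.stream_ids)

def fetch_status(permissions, msg, policy):
    """HTTP status a message-detail endpoint would return under the given policy."""
    return 200 if policy(permissions, msg) else 403

def find_list_detail_mismatches(permissions, messages, detail_policy):
    """IDs of messages a stream listing would show but the detail lookup rejects."""
    return [m.id for m in messages
            if allowed_any_stream(permissions, m)
            and not detail_policy(permissions, m)]

# Constructed sample data: one stream is a subset of the other, as in the report.
SUBSET, SUPERSET = "stream-subset", "stream-superset"
SHARED = Message("msg-1", frozenset({SUBSET, SUPERSET}))
ONLY_SUPERSET = Message("msg-2", frozenset({SUPERSET}))
READER = {f"streams:read:{SUBSET}"}  # user was granted read on the subset only

if __name__ == "__main__":
    for policy in (allowed_all_streams, allowed_any_stream):
        print(policy.__name__,
              "detail status:", fetch_status(READER, SHARED, policy),
              "mismatches:", find_list_detail_mismatches(
                  READER, [SHARED, ONLY_SUPERSET], policy))
```

Running `find_list_detail_mismatches` against both policies in a regression test catches the case where list and detail endpoints disagree about the same message.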