pophealth / popHealth

popHealth - An Open Source Population Health Reporting Prototype
http://projectpophealth.org
Apache License 2.0

New user doesn't get admin rights #272

Closed okorokhina closed 9 years ago

okorokhina commented 9 years ago

Executing

```
curl -X POST -u okorokhina:Sindirella123 -H "Content-Type: text/xml" -d @qrda.xml http://188.166.46.65:4000/api/patients
```

with valid XML data, I get a 403:

```html
<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8" /> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="viewport" content="width=device-width,initial-scale=1"> <meta http-equiv="x-ua-compatible" content="IE=edge"> <meta http-equiv="content-script-type" content="text/javascript">

<title>popHealth : An Open Source Quality Measure Reference Implementation</title> <link rel="shortcut icon" href="/favicon.ico"/>

<link href="/assets/application.css?body=1" media="all" rel="stylesheet" />

<meta content="authenticity_token" name="csrf-param" /> <meta content="4j+q889N4jOnl98MPBxBD6MTdUu4zCV/uWo0MtvVK8I=" name="csrf-token" />

<script type="text/javascript" charset="utf-8"> rootContext = ""; </script> </head> <body> <div class="navbar navbar-default" role="navigation"> <div class="container"> <div class="navbar-header col-lg-4"> <a class="logo" href="/" style="max-width: initial"><img alt="Pophealth logo small trans" src="/assets/pophealth_logo_small-trans.png" /></a> </div> <div class="collapse navbar-collapse in"> <ul class="nav navbar-nav pull-left" style="margin-top: 10px"> <li class="location">General Hospital <span class="time"> 2012</span></li> </ul> <ul class="nav pull-right"> <li class="divider-vertical"></li> <li class="profile"> <div class="dropdown"> <a class="dropdown-toggle" data-toggle="dropdown" href="#"> <i class="glyphicon glyphicon-user"></i> Olga </a> <ul class="dropdown-menu pull-right" role="menu" aria-labelledby="User"> <li><a href="/users/edit.54db4dc0506f70453b040000"><i class="glyphicon glyphicon-edit"></i> Edit Account</a></li> <li><a data-method="delete" href="/users/sign_out" rel="nofollow"><i class="glyphicon glyphicon-log-out"></i> Logout</a></li> <li class="divider"></li> <li role="presentation" class="dropdown-header">Admin</li> <li><a href="/#providers"><i class="glyphicon glyphicon-plus"></i> Providers</a></li> </ul> </div> </li> <li class="divider-vertical"></li> </ul> </div> </div> </div>

<div id="container" class="container"></div> <script src="/assets/jquery/jquery.js?body=1"></script> <script src="/assets/jquery_ujs.js?body=1"></script> <script src="/assets/jquery-idletimer/dist/idle-timer.js?body=1"></script> <script src="/assets/jQuery-Knob/js/jquery.knob.js?body=1"></script> <script src="/assets/jquery-placeholder/jquery.placeholder.js?body=1"></script> <script src="/assets/numeral/numeral.js?body=1"></script> <script src="/assets/momentjs/moment.js?body=1"></script> <script src="/assets/bootstrap/affix.js?body=1"></script> <script src="/assets/bootstrap/alert.js?body=1"></script> <script src="/assets/bootstrap/button.js?body=1"></script> <script src="/assets/bootstrap/carousel.js?body=1"></script> <script src="/assets/bootstrap/collapse.js?body=1"></script> <script src="/assets/bootstrap/dropdown.js?body=1"></script> <script src="/assets/bootstrap/tab.js?body=1"></script> ... <!DOCTYPE html> <html> <head> <title>Forbidden (403)</title> <style type="text/css"> body { background-color: #fff; color: #666; text-align: left; font-family: arial, sans-serif; } div.dialog { width: 25em; padding: 0 4em; margin: 4em auto 0 auto; border: 1px solid #ccc; border-right-color: #999; border-bottom-color: #999; } h1 { font-size: 100%; color: #f00; line-height: 1.5em; } div.dialog ul li { padding: 5px; } </style> <script src="/assets/jquery.js?body=1" type="text/javascript"></script> <script src="/assets/jquery_ujs.js?body=1" type="text/javascript"></script> </head>

<body> <!-- This file lives in public/403.html --> <div class="dialog"> <h1>Your user account does not have access to the requested resource.</h1> <ul> <li>You may have mistyped the address or your user permissions may not have been set up correctly.</li> <li>If you just logged in and got this page, you likely either need the 'staff_role' added to your account, or you need to have an NPI assigned to your account to access one provider's data</li> <li>If you are trying to access an administration page, you will need the 'admin' role added to your account</li> <li>If you are trying to access data for another provider, you will need the 'staff_role' or 'admin' role added to your account</li> </ul> <a href="/users/sign_out" data-method="delete">Click here to logout</a> </div> </body> </html> </body> </html>
```

I'm a complete newbie in Ruby, please advise (you can see the creds for my user there in the curl command). Thank you!

okorokhina commented 9 years ago

Closing - you need to add "admin": true to your user's record with the db.getSiblingDB("pophealth-development").users.update MongoDB command.
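The fix described in the closing comment, written out for the mongo shell as an added example (not code from the popHealth project or from the poster). It assumes accounts are keyed by a `username` field; `grantAdmin` and the placeholder username are hypothetical names, while `admin` and `staff_role` are the names that appear on this page.

```javascript
// Added example: set the admin flag on one popHealth user and report the result.
// Assumption: user documents carry a `username` field. "admin" comes from the
// closing comment and "staff_role" from the 403 page quoted above.
var DB_NAME = "pophealth-development"; // database named in the closing comment

function grantAdmin(conn, username) {
  var users = conn.getSiblingDB(DB_NAME).users;

  // Look before writing: confirm the account exists and note its current flags.
  var before = users.findOne({ username: username });
  if (before === null) {
    return { ok: false, reason: "no such user", username: username };
  }

  // $set changes only the admin flag. An update document without an operator
  // would replace the whole user record instead.
  users.update({ username: username }, { $set: { admin: true } });

  var after = users.findOne({ username: username });

  // List every admin so the change can be checked against who should hold the role.
  var admins = users.find({ admin: true }).toArray().map(function (u) {
    return u.username;
  });

  return {
    ok: after.admin === true,
    username: username,
    wasAdmin: before.admin === true,
    staffRole: after.staff_role === true,
    admins: admins
  };
}

// In the mongo shell `db` is the current connection; elsewhere nothing runs.
if (typeof db !== "undefined") {
  printjson(grantAdmin(db, "REPLACE_WITH_USERNAME"));
}
```

The returned `admins` list shows every account that holds the flag after the change, which is the set to review, since the 403 page above says `staff_role` or an assigned NPI is enough for provider data and `admin` is what administration pages require.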