jleifeld
commented
1 year ago Hey @bilobait-lohrmann ,
I will have a look at your issue and will give your more information after testing it out
Open bilobait-lohrmann opened 1 year ago
jleifeld
commented
1 year ago Hey @bilobait-lohrmann ,
I will have a look at your issue and will give your more information after testing it out
jleifeld
commented
1 year ago FYI: I can reproduce the error and will fix this issue. I report the status here. You can also see the current progress in the Issuetracker: https://issues.shopware.com/issues/NEXT-29862
jleifeld
commented
1 year ago Issue is resolved: https://issues.shopware.com/issues/NEXT-29862
bilobait-lohrmann
commented
1 year ago I just tested the newest release of shopware which should contain the fix with my apps. Unfortunately the error is still present. If you want i can send you the login credentials to the test system via slack
bilobait-lohrmann
commented
1 year ago Ok, i figured out, that i now have to add the privileges for create update and delete for my custom entites. This was not necessary yet. I updated my plugins, now everything seems to work again.
bilobait-lohrmann
commented
1 year ago I did some further tests. For the following code i still get a permission error
const languageRepository = sw.data.repository('language'); languageRepository.search().then((data) => { });
gives
Uncaught (in promise) Error: Your app is missing the privileges read:sales_channel_domain, read:customer, read:newsletter_recipient, read:order, read:category_translation, read:country_state_translation, read:country_translation, read:currency_translation, read:customer_group_translation, read:locale_translation, read:media_translation, read:payment_method_translation, read:product_manufacturer_translation, read:product_translation, read:shipping_method_translation, read:unit_translation, read:property_group_translation, read:property_group_option_translation, read:sales_channel_translation, read:sales_channel_type_translation, read:salutation_translation, read:plugin_translation, read:product_stream_translation, read:state_machine_translation, read:state_machine_state_translation, read:cms_page_translation, read:cms_slot_translation, read:mail_template_translation, read:mail_header_footer_translation, read:document_type_translation, read:number_range_type_translation, read:delivery_time_translation, read:product_search_keyword, read:product_keyword_dictionary, read:mail_template_type_translation, read:promotion_translation, read:number_range_translation, read:product_review, read:seo_url, read:tax_rule_type_translation, read:product_cross_selling_translation, read:import_export_profile_translation, read:product_sorting_translation, read:product_feature_set_translation, read:app_translation, read:app_action_button_translation, read:landing_page_translation, read:app_cms_block_translation, read:app_script_condition_translation, read:app_flow_action_translation, read:tax_provider_translation, read:theme_translation for action "repositorySearch".
and
const languageRepository = sw.data.repository('category'); languageRepository.search().then((data) => { });
gives
Uncaught (in promise) Error: Your app is missing the privileges read:category_translation, read:tag, read:main_category, read:seo_url for action "repositorySearch".
bilobait-lohrmann
commented
12 months ago @jleifeld can you please give me a response, this is a very urgent issue for us
seggewiss
commented
12 months ago Sorry for taking so long I will take a look ASAP
seggewiss
commented
12 months ago I know this might be unpleasant for you, but the requested permissions by the SDK are valid. Take a look at the LanguageDefinition. All the requested permissions are associations of the language entity. Therefore by reading a highly coupled entity like languages you will need a lot of permissions to do so, as you could access all the associations.
Same goes for the CategoryDefinition. Please let me know if there are any cases where you search for an entity and a permission is requested that is not related to the read entity π
bilobait-lohrmann
commented
12 months ago The problem is if I request the category repository that a lot of other plugins also can add a association to this. We therefore can't know all the associations and have to update all the time our app if a new plugin is installed on customer side. Is there a way we can say we don't want to load the associations?
seggewiss
commented
12 months ago Ah I see. So what you are saying is that this problem also exists for reverse associations?
bilobait-lohrmann
commented
12 months ago Yes for example I have currently the following error if I load the product entity
Error: Your app is missing the privileges read:swag_paypal_pos_sales_channel_run_log, read:swag_paypal_pos_sales_channel_product, read:cbax_lexicon_entry, read:solid_pv_product_embedded_video_media for action "repositorySearch".
seggewiss
commented
12 months ago Okay thats a real problem π What do you think about the following:
We only validate for read permissions if an EntityCollection is requested in the Criteria
bilobait-lohrmann
commented
12 months ago i am not shure what you mean by "if an EntityCollection is requested in the Criteria" how would this look like?
seggewiss
commented
12 months ago Currently you request like this:
const languageRepository = sw.data.repository('category'); languageRepository.search().then((data) => { });
This will not give you errors for associations then. However if you request like this:
const criteria = new Criteria(); criteria.addAssociation('associationWithoutReadPermissions'); const languageRepository = sw.data.repository('category'); languageRepository.search(criteria).then((data) => { });
Will result in an error again as an association is requested that the app is missing read privileges for.
bilobait-lohrmann
commented
12 months ago yes. exactly for that i was looking
seggewiss
commented
12 months ago I've created an issue and will start the work ASAP! Please take a look at the progress here:
bilobait-lohrmann
commented
12 months ago thank you
hungmac-sw
commented
11 months ago This issue also appear from getting the element configs by the code below
import { data } from '@shopware-ag/admin-extension-sdk';
....
await data.get({ id: 'MY_CMS_ELEMENT__config-element' });Error message:
missing-priviliges-error-serializer.js:10 Uncaught (in promise) Error: Your app is missing the privileges read:cms_slot_translation, read:language, read:sales_channel, read:sales_channel_domain, read:customer, read:newsletter_recipient, read:order, read:category_translation, read:country_state_translation, read:country_translation, read:currency_translation, read:customer_group_translation, read:locale_translation, read:media_translation, read:payment_method_translation, read:product_manufacturer_translation, read:product_translation, read:shipping_method_translation, read:unit_translation, read:property_group_translation, read:property_group_option_translation, read:sales_channel_translation, read:sales_channel_type_translation, read:salutation_translation, read:plugin_translation, read:product_stream_translation, read:state_machine_translation, read:state_machine_state_translation, read:cms_page_translation, read:mail_template_translation, read:mail_header_footer_translation, read:document_type_translation, read:number_range_type_translation, read:delivery_time_translation, read:product_search_keyword, read:product_keyword_dictionary, read:mail_template_type_translation, read:promotion_translation, read:number_range_translation, read:product_review, read:seo_url, read:tax_rule_type_translation, read:product_cross_selling_translation, read:import_export_profile_translation, read:product_sorting_translation, read:product_feature_set_translation, read:app_translation, read:app_action_button_translation, read:landing_page_translation, read:app_cms_block_translation, read:app_script_condition_translation, read:app_flow_action_translation, read:tax_provider_translation, read:theme_translation for action "datasetGet".
at Object.deserialize (missing-priviliges-error-serializer.js:10:1)
at index.js:56:1
at baseClone (_baseClone.js:97:1)
at _baseClone.js:161:1
at arrayEach (_arrayEach.js:15:1)
at baseClone (_baseClone.js:155:1)
at cloneDeepWith (cloneDeepWith.js:37:1)
at deserialize (index.js:53:29)
at callbackHandler (channel.js:140:1)This issue also appear from getting the element configs by the code below
import { data } from '@shopware-ag/admin-extension-sdk'; .... await data.get({ id: 'MY_CMS_ELEMENT__config-element' });Error message:
missing-priviliges-error-serializer.js:10 Uncaught (in promise) Error: Your app is missing the privileges read:cms_slot_translation, read:language, read:sales_channel, read:sales_channel_domain, read:customer, read:newsletter_recipient, read:order, read:category_translation, read:country_state_translation, read:country_translation, read:currency_translation, read:customer_group_translation, read:locale_translation, read:media_translation, read:payment_method_translation, read:product_manufacturer_translation, read:product_translation, read:shipping_method_translation, read:unit_translation, read:property_group_translation, read:property_group_option_translation, read:sales_channel_translation, read:sales_channel_type_translation, read:salutation_translation, read:plugin_translation, read:product_stream_translation, read:state_machine_translation, read:state_machine_state_translation, read:cms_page_translation, read:mail_template_translation, read:mail_header_footer_translation, read:document_type_translation, read:number_range_type_translation, read:delivery_time_translation, read:product_search_keyword, read:product_keyword_dictionary, read:mail_template_type_translation, read:promotion_translation, read:number_range_translation, read:product_review, read:seo_url, read:tax_rule_type_translation, read:product_cross_selling_translation, read:import_export_profile_translation, read:product_sorting_translation, read:product_feature_set_translation, read:app_translation, read:app_action_button_translation, read:landing_page_translation, read:app_cms_block_translation, read:app_script_condition_translation, read:app_flow_action_translation, read:tax_provider_translation, read:theme_translation for action "datasetGet". at Object.deserialize (missing-priviliges-error-serializer.js:10:1) at index.js:56:1 at baseClone (_baseClone.js:97:1) at _baseClone.js:161:1 at arrayEach (_arrayEach.js:15:1) at baseClone (_baseClone.js:155:1) at cloneDeepWith (cloneDeepWith.js:37:1) at deserialize (index.js:53:29) at callbackHandler (channel.js:140:1)
For Data sets we can't resolve this issue. We need to ensure that an app only gets the data from the shop it has rights for.
For example a shop classifies their customers and carefully checks that no apps have permissions to read customers.
Now you request a dataset containing a customer. For data.get & data.subscribe you will always need either the complete permissions or you boil down the data you get with selectors:
https://shopware.github.io/admin-extension-sdk/docs/guide/api-reference/data/get
hungmac-sw
commented
11 months ago Hi @seggewiss, thank you for your answer. It works for me.
seggewiss
commented
11 months ago Hi @bilobait-lohrmann,
The issue is resolved and is already live in our cloud environment. For selfhosted it will be contained in the next patch release. You need to update your app to SDK version 3.0.15. For testing purposes you could use the trunk branch of Shopware.
bilobait-lohrmann
commented
11 months ago Hello @seggewiss
i had today the chance to test in the current cloud env from shopware with the current sdk active. Unfortunately I still get the error:
app.js?id=eae874019f8b9c5767393c481a2198f9:2 Uncaught (in promise) Error: Your app is missing the privileges read:quote for action "repositorySearch".
if i call
const languageRepository = sw.data.repository('language'); languageRepository.search().then((data) => { });
bilobait-lohrmann
commented
11 months ago @seggewiss
i did some further testing. on the client cloud i get the following error for the following call
const productRepository = sw.data.repository('product'); productRepository.search().then((data) => { });
Error: Cannot read properties of undefined (reading 'forEach')
The function where this error is thrown is
function deserialize(messageData, event) { return cloneDeepWith(messageData, (value, key, object, stack) => { // return first matching serializer result for (const serializer of serializers) { const result = serializer.deserialize({ value, key, object, stack, event, customizerMethod: deserialize, }); if (result) { return result; } ; } }); }
In a clean cloud installation i don't get this error
seggewiss
commented
11 months ago We have automated tests in place that assure the bug fix works. We will need more information to reproduce this issue
bilobait-lohrmann
commented
11 months ago if it is easier we can meet on slack and i can show it to you directly
seggewiss
commented
11 months ago Maybe a dumb question but are you passing in a criteria? https://shopware.github.io/admin-extension-sdk/docs/guide/api-reference/data/repository#search
Cause we are still unable to reproduce this
jleifeld
commented
11 months ago 2. With clean install i mean a cloud instance created in the shopware account (can be down in the plugin area). I have a customer which aready has some plugins installed and then the error with the product repo occurs. The problem with the language repo i have on every instance
Just for my understanding: Do you have plugins installed in your local instance or do you mean a cloud instance with installed apps?
bilobait-lohrmann
commented
11 months ago I just made a cloud instance with the newest version. Now everything works fine. Thanks for the help. If something new comes up i will open a new issue
wannevancamp
commented
7 months ago I have the same issue now. I want to receive the media from a product using the @shopware-ag/meteor-admin-sdk.
data.get({
id: 'sw-product-detail__product',
selectors: ['media']
});The following error is thrown: Error: Your app is missing the privileges read:product_media for action "datasetGet".
Adding the permission <read>product_media</read> to the manifest will solve this issue. But now an error is thrown which asks to add all the available permissions to the manifest. Any thoughts?
seggewiss
commented
7 months ago I will check this again today π
jleifeld
commented
7 months ago I could reproduce the error. We will have a look at it!
We have problem related to privileges, which came up with the latest update. We are using the latest Admin SDK version:
We had the following code:
we could fix it updating our statement
the problem is for the following code I donβt have a solution
for the search I get a similar error, but also updates are affeccted
the priviliges of the app are the following
https://shopwarecommunity.slack.com/archives/C025YFFMP6W/p1691649876593379