Unable to retrieve action logs due to row level security #1353

Closed
johnaohara opened this issue Feb 20, 2024 · 2 comments · Fixed by #1585
@johnaohara
Member

Describe the bug

Calls to '/api/log/action/{testId}' always fail to retrieve the action logs because the logs are inserted as horreum.system and retrieved as user roles either horreum.system or an admin user: https://github.com/Hyperfoil/Horreum/blob/master/horreum-backend/src/main/resources/db/changeLog.xml#L3883

However, the role allowed on the REST endpoint is tester: https://github.com/Hyperfoil/Horreum/blob/master/horreum-backend/src/main/java/io/hyperfoil/tools/horreum/svc/LogServiceImpl.java#L140

So, once the action logs have been created, only horreum system can retrieve them, and they are not accessible for users.

@johnaohara johnaohara added type/bug Something isn't working branch/master The master branch area/backend priority/high High priority labels Feb 20, 2024
@johnaohara johnaohara self-assigned this Feb 20, 2024
@johnaohara
Member Author

Hmm, this is not strictly true, as there is also a check to see if the test is owned by a role the current user has.

@barreiro
Collaborator

I believe the problem here is that the action (and the corresponding logs) for a new test are executed with id -1. They should execute with the id of the newly created test instead, then a user with tester role for the test will be able to query /api/log/action/{testId}. Otherwise it will only be accessible for admin users.
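
A minimal PostgreSQL sketch of the situation discussed in this thread, added here as an illustration; it is not Horreum's schema or its changeLog.xml policy. The table names, the `app.roles` setting, the `has_role` helper, the `admin` and `team-a` role names and test id 42 are all assumptions. Run it as a non-superuser without BYPASSRLS, since superusers skip row level security.

```sql
-- Hypothetical schema, constructed for this example.
CREATE TABLE test (id integer PRIMARY KEY, owner text NOT NULL);
CREATE TABLE actionlog (
    id      bigserial PRIMARY KEY,
    testid  integer NOT NULL,  -- no foreign key, so a placeholder such as -1 is accepted
    message text NOT NULL
);

-- Assumed convention: the application passes the caller's roles as a
-- comma-separated custom setting. An unset setting yields NULL, which a
-- policy treats as "not allowed".
CREATE FUNCTION has_role(r text) RETURNS boolean LANGUAGE sql STABLE AS $$
    SELECT r = ANY (string_to_array(current_setting('app.roles', true), ','))
$$;

ALTER TABLE actionlog ENABLE ROW LEVEL SECURITY;
ALTER TABLE actionlog FORCE ROW LEVEL SECURITY;  -- the table owner is filtered too

-- Only the system role may write log rows.
CREATE POLICY actionlog_insert ON actionlog FOR INSERT
    WITH CHECK (has_role('horreum.system'));

-- Reads: the system role, an admin, or a caller holding the role that owns
-- the test the log row points at.
CREATE POLICY actionlog_select ON actionlog FOR SELECT USING (
    has_role('horreum.system')
    OR has_role('admin')
    OR EXISTS (SELECT 1 FROM test t
               WHERE t.id = actionlog.testid AND has_role(t.owner))
);

INSERT INTO test (id, owner) VALUES (42, 'team-a');

-- The system role writes one row under the placeholder id and one under
-- the real test id.
SET app.roles = 'horreum.system';
INSERT INTO actionlog (testid, message) VALUES (-1, 'action ran for new test');
INSERT INTO actionlog (testid, message) VALUES (42, 'action ran for test 42');

-- A tester on team-a: the ownership branch matches testid 42 only, because
-- no test row with id -1 exists for the EXISTS subquery to find.
SET app.roles = 'tester,team-a';
SELECT testid, message FROM actionlog ORDER BY id;

-- An admin passes the second branch and is not subject to the ownership check.
SET app.roles = 'admin';
SELECT testid, message FROM actionlog ORDER BY id;
```

Under these assumptions the tester session gets the row for test 42 back and the row stored under -1 is filtered out without any error, so an endpoint-level role check can pass while the query still returns nothing for that log entry.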
