New JsonStore entities through a POST in MangoUI error on user - solved
-
Dear Mango Forum,
Looking through the new patch notes, there is a line: Restrict json-data POST endpoint to only let users with the global Create JSON Data permission to create new entries.
I noticed that the new UI permissions page is not updated, but the legacy version does have: Permission to create a JSON data entry. By default it has superadmin rights. As my user has user rights, I also added a user group next to the superadmin group.
I am still having trouble creating JSONStore entities in the database with this group of users. After trying to save the entity I get the following error in the browser console:
POST http://mango-instance/rest/v1/json-data/SavedReportData-10?editPermission=&name=SavedReportData-10&publicData=false&readPermission=user 422 (Unprocessable Entity) Possibly unhandled rejection: {"data":{"xid":"SavedReportData-10","name":"SavedReportData-10","modelType":"JSON_DATA","validationMessages":[{"level":"ERROR","message":"Must have edit permission to save data","property":"editPermission"}],"publicData":false,"jsonData":{"reportNo":10,"approved":"testingstation","name":"fds","address":"dfsadfs","equipment":"dfsadf"},"readPermission":"user","editPermission":"","id":-1},"status":422,"config":{"method":"POST","transformResponse":[null],"jsonpCallbackParam":"callback","data":{"xid":"SavedReportData-10","name":"SavedReportData-10","readPermission":"user","editPermission":"","publicData":false,"jsonData":{"reportNo":10,"approved":"testingstation","name":"fds","address":"dfsadfs","equipment":"dfsadf"},"isNew":true,"dataPath":null},"url":"/rest/v1/json-data/SavedReportData-10","params":{"name":"SavedReportData-10","readPermission":"user","editPermission":"","publicData":false},"headers":{"Accept":"application/json, text/plain, */*","X-Requested-With":"XMLHttpRequest","Content-Type":"application/json;charset=utf-8","X-XSRF-TOKEN":"e09a9bb1-b155-4291-a8f5-b0a11fb8b847"},"cached":false,"timeout":30000},"statusText":"Unprocessable Entity","xhrStatus":"complete","mangoStatusText":"Validation error — Validation error","resource":{"xid":"SavedReportData-10","name":"SavedReportData-10","readPermission":"user","editPermission":"","publicData":false,"jsonData":"...","isNew":true,"dataPath":null}}
Before changing the permissions, the user was not allowed and had the following error in the console:
POST http://mango-instance/rest/v1/json-data/SavedReportData-11?editPermission=&name=SavedReportData-11&publicData=false&readPermission=user 403 (Forbidden) Possibly unhandled rejection: {"data":{"cause":"PermissionException: User BennetGrupp does not have permission to create a JSON data entry","mangoStatusCode":4004,"mangoStatusName":"ACCESS_DENIED","localizedMessage":"User BennetGrupp does not have permission to create a JSON data entry"},"status":403,"config":{"method":"POST","transformResponse":[null],"jsonpCallbackParam":"callback","data":{"xid":"SavedReportData-11","name":"SavedReportData-11","readPermission":"user","editPermission":"","publicData":false,"jsonData":{"reportNo":11,"name":"dasdas","approved":"testingstation","address":"asdas","equipment":"dasd"},"isNew":true,"dataPath":null},"url":"/rest/v1/json-data/SavedReportData-11","params":{"name":"SavedReportData-11","readPermission":"user","editPermission":"","publicData":false},"headers":{"Accept":"application/json, text/plain, */*","X-Requested-With":"XMLHttpRequest","Content-Type":"application/json;charset=utf-8","X-XSRF-TOKEN":"e09a9bb1-b155-4291-a8f5-b0a11fb8b847"},"cached":false,"timeout":30000},"statusText":"Forbidden","xhrStatus":"complete","mangoStatusText":"User BennetGrupp does not have permission to create a JSON data entry","resource":{"xid":"SavedReportData-11","name":"SavedReportData-11","readPermission":"user","editPermission":"","publicData":false,"jsonData":"...","isNew":true,"dataPath":null}}
Creating JSONStore entities with superadmin works. I would prefer not to give the user admin access, as permissions are quite needed :). This would be great to solve, as I am using JSONStore with JSPDF, AMCharts and ma-statistics to create PDF exports of the data, and all settings of these exports are in the JsonStores which the user modifies through the session.
Mango version: Latest 3.5.0b3 updated 21.09.2018.
Running on MangoES.
Used browser: Chrome
Thanks,
Thomas
-
Hi Thomas,
I believe the issue is that you are not giving an editPermission that your lower privilege user has. A user cannot create a JSON store item that they then subsequently cannot edit.
-
Hi @phildunlap,
Thanks for pointing me in the right direction. I forgot to add permissions to the newly created JSONStore. After adding permissions correctly, no error is present.
Thanks!
Thomas
-
Certainly! Thanks for providing such a detailed description!
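
The two rejections quoted in this thread, as an added example that is not part of any post or of Mango's own code: a pre-flight check that a new item's editPermission names a group the creating user holds, and a classifier that separates the 403 (global create permission) from the 422 (item validation). The function names are hypothetical, and the comma-separated format of permission strings is an assumption.

```javascript
// Added example: helper names are hypothetical, not part of the Mango API.
// Assumption: a permission string is a comma-separated list of group names.
function parseGroups(permission) {
  return new Set(String(permission || '').split(',')
    .map((g) => g.trim()).filter(Boolean));
}

// Pre-flight check before POSTing a new JSON store item.
// userGroups: the creating user's permission string, e.g. 'user'.
// Returns a list of problems; an empty list means this check passes.
function checkNewItem(userGroups, item) {
  const mine = parseGroups(userGroups);
  const edit = parseGroups(item.editPermission);
  const problems = [];
  if (edit.size === 0) {
    problems.push('editPermission is empty');
  } else if (![...edit].some((g) => mine.has(g))) {
    problems.push('editPermission has no group held by the creating user');
  }
  return problems;
}

// Classify a rejected POST using only fields visible in the console output.
function classifyRejection(resp) {
  const data = resp.data || {};
  if (resp.status === 403 && data.mangoStatusName === 'ACCESS_DENIED') {
    // The user lacks the global "create a JSON data entry" permission.
    return { kind: 'global-permission', fields: [] };
  }
  if (resp.status === 422) {
    // The request was authorised, but the item itself failed validation.
    const fields = (data.validationMessages || [])
      .filter((m) => m.level === 'ERROR').map((m) => m.property);
    return { kind: 'validation', fields };
  }
  return { kind: 'other', fields: [] };
}

// Constructed samples, trimmed from the two responses quoted in the thread.
const sample403 = { status: 403, data: { mangoStatusName: 'ACCESS_DENIED' } };
const sample422 = { status: 422, data: { validationMessages: [
  { level: 'ERROR', message: 'Must have edit permission to save data',
    property: 'editPermission' }] } };
const rejected = { xid: 'SavedReportData-10', readPermission: 'user',
  editPermission: '' };
const accepted = { ...rejected, editPermission: 'user' };
```

Setting editPermission to the user's own group keeps the account at user level, so superadmin does not have to be granted just to save items.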