From joh17964 at umn.edu  Tue Jul  7 15:48:32 2020
From: joh17964 at umn.edu (Eli Johnson)
Date: Tue, 7 Jul 2020 14:48:32 -0500
Subject: [Loris-dev] Fixing multi-escaped special characters
Message-ID: <CAKcpJh4SYtcobMbWu4Hhp-bMxvs5S76-MyN-EVyR1C-KgJHG_g@mail.gmail.com>

Hi,

Is there any recommended method for identifying and fixing fields that have
previously been saved with multi-escaped special characters, before the
bugfix in v23.0 (issue #6223)? I have noticed affected fields in our
database and was curious if anyone else had already cleaned their database
and could advise.

Thanks,
Eli

Eli Johnson
Developer/Researcher
Institute of Child Development
University of Minnesota
joh17964 at umn.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200707/31d68422/attachment.html>

From rida.abou-haidar at mcin.ca  Tue Jul  7 16:39:20 2020
From: rida.abou-haidar at mcin.ca (Rida Abou-Haidar)
Date: Tue, 7 Jul 2020 16:39:20 -0400
Subject: [Loris-dev] Fixing multi-escaped special characters
In-Reply-To: <CAKcpJh4SYtcobMbWu4Hhp-bMxvs5S76-MyN-EVyR1C-KgJHG_g@mail.gmail.com>
References: <CAKcpJh4SYtcobMbWu4Hhp-bMxvs5S76-MyN-EVyR1C-KgJHG_g@mail.gmail.com>
Message-ID: <CABbkjAjeyyTkNCvqFuzw=sHkt_VB4P_dg-EB_kW_J8GwDqCDjw@mail.gmail.com>

Hi Eli,

In LORIS v22 I added a reported script that analyses if there are issues in
your instruments.

https://github.com/aces/Loris/pull/6477/files#diff-a943c6333454285d7b55ae4c9d792134

However the script that fixes all the issues requires some
customization per project and that's why it was not submitted to the repo.
Run the reporter first and see the extent of the damage, your options after
that are:

   1. fix the fields manually
   2. create your own little script to do it
   3. we send you the script of one of our projects and you modify it to
   work for you.

The reason the existing scripts need alterations is because projects have
the freedom to implement their instruments the way they want it, so it's
very difficult to make one script that works for all instruments on all
projects. There is also the extent of the damages that have to be
considered, in some projects the escaping happened so many times that the
data in the SQL table started getting truncated. I don't think it will be
the case for you because it happened because of a set of special
circumstances but seeing how much the data is affected can help identify
the best method for fixing the data.

Best,
Rida Abou-Haidar
Software Developer
Montreal Neurological Institute
McGill University
rida.abou-haidar at mcin.ca


On Tue, Jul 7, 2020 at 3:49 PM Eli Johnson <joh17964 at umn.edu> wrote:

> Hi,
>
> Is there any recommended method for identifying and fixing fields that
> have previously been saved with multi-escaped special characters, before
> the bugfix in v23.0 (issue #6223)? I have noticed affected fields in our
> database and was curious if anyone else had already cleaned their database
> and could advise.
>
> Thanks,
> Eli
>
> Eli Johnson
> Developer/Researcher
> Institute of Child Development
> University of Minnesota
> joh17964 at umn.edu
> _______________________________________________
> Loris-dev mailing list
> Loris-dev at bic.mni.mcgill.ca
> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200707/218a9ffd/attachment.html>

From joh17964 at umn.edu  Tue Jul  7 18:00:04 2020
From: joh17964 at umn.edu (Eli Johnson)
Date: Tue, 7 Jul 2020 17:00:04 -0500
Subject: [Loris-dev] Fixing multi-escaped special characters
In-Reply-To: <CABbkjAjeyyTkNCvqFuzw=sHkt_VB4P_dg-EB_kW_J8GwDqCDjw@mail.gmail.com>
References: <CAKcpJh4SYtcobMbWu4Hhp-bMxvs5S76-MyN-EVyR1C-KgJHG_g@mail.gmail.com>
 <CABbkjAjeyyTkNCvqFuzw=sHkt_VB4P_dg-EB_kW_J8GwDqCDjw@mail.gmail.com>
Message-ID: <CAKcpJh6P9ZrJ5-hmCM0fBLcLs-wDVx9xxKOx=ajRFaVx4X-9-g@mail.gmail.com>

Hi Rida,

We do have an extensive amount affected but I don't suspect any truncation.
Would you mind sending me the script for one of your projects and I can
modify it?

Thanks,
Eli

Eli Johnson
Developer/Researcher
Institute of Child Development
University of Minnesota
joh17964 at umn.edu


On Tue, Jul 7, 2020 at 3:39 PM Rida Abou-Haidar <rida.abou-haidar at mcin.ca>
wrote:

> Hi Eli,
>
> In LORIS v22 I added a reported script that analyses if there are issues
> in your instruments.
>
>
> https://github.com/aces/Loris/pull/6477/files#diff-a943c6333454285d7b55ae4c9d792134
>
> However the script that fixes all the issues requires some
> customization per project and that's why it was not submitted to the repo.
> Run the reporter first and see the extent of the damage, your options after
> that are:
>
>    1. fix the fields manually
>    2. create your own little script to do it
>    3. we send you the script of one of our projects and you modify it to
>    work for you.
>
> The reason the existing scripts need alterations is because projects have
> the freedom to implement their instruments the way they want it, so it's
> very difficult to make one script that works for all instruments on all
> projects. There is also the extent of the damages that have to be
> considered, in some projects the escaping happened so many times that the
> data in the SQL table started getting truncated. I don't think it will be
> the case for you because it happened because of a set of special
> circumstances but seeing how much the data is affected can help identify
> the best method for fixing the data.
>
> Best,
> Rida Abou-Haidar
> Software Developer
> Montreal Neurological Institute
> McGill University
> rida.abou-haidar at mcin.ca
>
>
> On Tue, Jul 7, 2020 at 3:49 PM Eli Johnson <joh17964 at umn.edu> wrote:
>
>> Hi,
>>
>> Is there any recommended method for identifying and fixing fields that
>> have previously been saved with multi-escaped special characters, before
>> the bugfix in v23.0 (issue #6223)? I have noticed affected fields in our
>> database and was curious if anyone else had already cleaned their database
>> and could advise.
>>
>> Thanks,
>> Eli
>>
>> Eli Johnson
>> Developer/Researcher
>> Institute of Child Development
>> University of Minnesota
>> joh17964 at umn.edu
>> _______________________________________________
>> Loris-dev mailing list
>> Loris-dev at bic.mni.mcgill.ca
>> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200707/b043c0cc/attachment.html>

From ioannis at berkeley.edu  Wed Jul 22 19:46:25 2020
From: ioannis at berkeley.edu (Ioannis Pappas)
Date: Wed, 22 Jul 2020 16:46:25 -0700
Subject: [Loris-dev] Regarding the details of the imaging uploading process
Message-ID: <6E75A128-B6BF-4F03-8511-1F9739FD06EB@berkeley.edu>

Dear Loris support.

I hope this finds you well. I would like to ask you some basic questions on the dicoms upload process as I am slowly introducing myself to Loris.

1) Given that a subject exists in the database (with a certain PSCID and CandID), with respect to running the imaging_upload_file.pl -profile prod -upload_id $UploadIDID /PATH/TO/UPLOAD/PSCID_CandID_VisitLabel_OptionalSuffix.zip -verbose what is the relationship between the upload_id and the patient? Is a row in the mri_upload table being created when this command is executed or there is something that I need to manually do (e.g. create an id, point to the path etc.)? Does the /PATH/TO/UPLOAD have to be explicitly defined in the Configuration->Paths (e.g. /data/incoming) for it to be valid?

2) I am confused as to how the scans are parsed. Say that I have a .zip with dicoms of one subject. From my understanding the parsing is based on either the regex of the series description or the scan parameter values range lying in mri_protocol. Is that true? In turn, given that this is successful, is the scan being aliased with a certain name as defined in the mri_scan_type?

I appreciate your help during these troubled times.
Ioannis

From cecile.madjar at mcin.ca  Thu Jul 23 09:05:32 2020
From: cecile.madjar at mcin.ca (Cecile Madjar)
Date: Thu, 23 Jul 2020 09:05:32 -0400
Subject: [Loris-dev] Regarding the details of the imaging uploading
	process
In-Reply-To: <6E75A128-B6BF-4F03-8511-1F9739FD06EB@berkeley.edu>
References: <6E75A128-B6BF-4F03-8511-1F9739FD06EB@berkeley.edu>
Message-ID: <CAMkiY3fWKM0OXiDbeddnTTeiAiKX8muJnvpp4fJ1-QWtqVFY4Q@mail.gmail.com>

Dear Ioannis,

Thank you for reaching out.

1) Given that a subject exists in the database (with a certain PSCID and
> CandID), with respect to running the imaging_upload_file.pl -profile prod
> -upload_id $UploadIDID
> /PATH/TO/UPLOAD/PSCID_CandID_VisitLabel_OptionalSuffix.zip -verbose what is
> the relationship between the upload_id and the patient? Is a row in the
> mri_upload table being created when this command is executed or there is
> something that I need to manually do (e.g. create an id, point to the path
> etc.)? Does the /PATH/TO/UPLOAD have to be explicitly defined in the
> Configuration->Paths (e.g. /data/incoming) for it to be valid?
>

The typical workflow is to inserting DICOM would be:

   1. upload a zip file labelled
   <PSCID>_<DCCID>_<VisitLabel>.<zip|tgz|tar.gz> via the imaging uploader
   (this will insert a row in the mri_upload table with UploadID, UploadedBy,
   UploadDate, UploadLocation, PatientName, IsPhantom filled in according to
   your uploaded file). Note: the PatientName field in the DICOMs' headers
   have to match <PSCID>_<DCCID>_<VisitLabel>
   2. run imaging_upload_file.pl on the uploaded scan => this will
      1. untar the archived file with the DICOMs, parse the list of DICOMs,
      create a new archive and insert information about the DICOM
study (series,
      files etc...) into the tarchive* tables
      2. read the archived DICOM files and convert them to MINC (and NIfTI
      if config option to create NIfTI files is set to true)
      3. read the patient name and compare the information derived from the
      PatientName to what candidate/visit is already present in the database
      (this is performed by a customized function in the prod file in
      dicom-archive/.loris-mri/prod)
      4. read the protocol and compare it to the mri_protocol tables to
      identify the scan type
      5. insert the file in the files table if PatientName and protocol
      found (the file will be labelled
      <study>_<DCCID>_<VisitLabel>_<ScanType>_<001|002..>.mnc)
      6. update the mri_upload table with the SessionID, TarchiveID,
      number_of_mincCreated, number_of_mincInserted, IsCandidateInfoValidated,
      IsTarchiveValidated, InsertionComplete, Inserting

In order for the script to correctly identify to which participant/visit
the scan belongs to, you have to ensure the PatientName is properly
encoding in the DICOM headers. If that is the case, then the magic of the
scripts will work and associate the scans to the proper candidate/visit.

The path to upload in the config module is used only by the imaging
uploader I believe. I don't think this is required by imaging_upload_file.pl
script though.

If you do not wish to upload your DICOM studies via the imaging uploader
but instead do it from the backend directly (upload of many studies at
once), then you should use the batch_imaging_upload.pl script which will

   1. insert a row in the mri_upload table (the same way as the imaging
   uploader module does)
   2. call imaging_upload_file.pl to proceed with the complete insertion

2) I am confused as to how the scans are parsed. Say that I have a .zip
> with dicoms of one subject. From my understanding the parsing is based on
> either the regex of the series description or the scan parameter values
> range lying in mri_protocol. Is that true? In turn, given that this is
> successful, is the scan being aliased with a certain name as defined in the
> mri_scan_type?
>

Exact. The inserted scan would then be labelled according to the following
convention:
<study>_<DCCID>_<VisitLabel>_<ScanType>_<001|002..>.mnc

Hope this helps answer your questions.

Don't hesitate to consult the LORIS-MRI documentation
<https://github.com/aces/Loris-MRI/tree/main/docs>, you may find some
helpful information there.
Let me know if you need additional information.

Best,

C?cile





> I appreciate your help during these troubled times.
> Ioannis
> _______________________________________________
> Loris-dev mailing list
> Loris-dev at bic.mni.mcgill.ca
> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200723/b28329e0/attachment.html>

From joh17964 at umn.edu  Thu Jul 23 23:50:23 2020
From: joh17964 at umn.edu (Eli Johnson)
Date: Thu, 23 Jul 2020 22:50:23 -0500
Subject: [Loris-dev] Imaging Uploader Failing File Verification
Message-ID: <CAKcpJh4eJvPdrdM1-G5LOrbgzgEq4k+cUTGtmwJrbcB5Bi32WQ@mail.gmail.com>

Hi,

Using LORIS v23.0 on RHEL 7, accessing LORIS front end from Chrome.

I'm currently setting up the LORIS-MRI and imaging modules for LORIS. I am
running into an issue with the Imaging Uploader on the front end where it
is returning the error message "The file TEST111_986793_testing1.zip is not
of type .tgz, .tar.gz or .zip." When checking the error-log from the back
end I'm seeing...

PHP Warning:  mime_content_type(): Empty filename or path in
/<basepath>/modules/imaging_uploader/php/imaging_uploader.class.inc on line
646, referer: http://<site>/imaging_uploader


Upon further investigation into imaging_uploader.class.inc, the function
isCompressed() is being passed an empty string from isValid(). IsValid is
passing it $temp_file, defined in $temp_file=$file->fileInfo['tmp_name'],
but this is also an empty string. So I'm trying to figure out at what stage
'tmp_name' should be defined for $file->fileInfo but I am struggling to
track it down. I checked what was being passed in $file->setHandlerArgs and
it contains this:

Array
(
    [IsPhantom] => N
    [candID] => 986793
    [pSCID] => TEST111
    [visitLabel] => testing1
    [mriFile] => Array
        (
            [name] => TEST111_986793_testing1.zip
            [type] =>
            [tmp_name] =>
            [error] => 7
            [size] => 0
        )
)


Any suggestions on how to get the uploader working? I have verified that
the MRIUploadIncomingPath variable is set appropriately and is an existing,
writable directory. I also am able to successfully upload the same zip file
from the back end.


Thanks,
Eli


Eli Johnson
Developer/Researcher
Institute of Child Development
University of Minnesota
joh17964 at umn.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200723/f40ae1de/attachment.html>

From nicolasbrossard.mni at gmail.com  Fri Jul 24 12:02:55 2020
From: nicolasbrossard.mni at gmail.com (Nicolas Brossard)
Date: Fri, 24 Jul 2020 12:02:55 -0400
Subject: [Loris-dev] Imaging Uploader Failing File Verification
In-Reply-To: <CAKcpJh4eJvPdrdM1-G5LOrbgzgEq4k+cUTGtmwJrbcB5Bi32WQ@mail.gmail.com>
References: <CAKcpJh4eJvPdrdM1-G5LOrbgzgEq4k+cUTGtmwJrbcB5Bi32WQ@mail.gmail.com>
Message-ID: <CAHaEUvpD-FqzGNchedPxFOR=r-H7A8A9=Mtw=rxhw0ZmyD9UNA@mail.gmail.com>

Hi Eli,

Looking at what is being passed to $file->setHandlerArgs, I can see that
the upload error code is set to 7, which means that the system could not
copy your file in the temporary directory dedicated to uploading files on
the server. By default, uploaded files are written in /tmp, but you can
override this by setting variable TMPDIR in <LORIS_MRI_ROOT>/environment. I
would check that whichever directory you are uploading to has enough free
space to allow the upload and that user www-data has write permission on
that directory.

Let me know if that fixes the issue.

Best,
Nicolas

On Thu, Jul 23, 2020 at 11:50 PM Eli Johnson <joh17964 at umn.edu> wrote:

> Hi,
>
> Using LORIS v23.0 on RHEL 7, accessing LORIS front end from Chrome.
>
> I'm currently setting up the LORIS-MRI and imaging modules for LORIS. I am
> running into an issue with the Imaging Uploader on the front end where it
> is returning the error message "The file TEST111_986793_testing1.zip is
> not of type .tgz, .tar.gz or .zip." When checking the error-log from the
> back end I'm seeing...
>
> PHP Warning:  mime_content_type(): Empty filename or path in
> /<basepath>/modules/imaging_uploader/php/imaging_uploader.class.inc on line
> 646, referer: http://<site>/imaging_uploader
>
>
> Upon further investigation into imaging_uploader.class.inc, the function
> isCompressed() is being passed an empty string from isValid(). IsValid is
> passing it $temp_file, defined in $temp_file=$file->fileInfo['tmp_name'],
> but this is also an empty string. So I'm trying to figure out at what stage
> 'tmp_name' should be defined for $file->fileInfo but I am struggling to
> track it down. I checked what was being passed in $file->setHandlerArgs and
> it contains this:
>
> Array
> (
>     [IsPhantom] => N
>     [candID] => 986793
>     [pSCID] => TEST111
>     [visitLabel] => testing1
>     [mriFile] => Array
>         (
>             [name] => TEST111_986793_testing1.zip
>             [type] =>
>             [tmp_name] =>
>             [error] => 7
>             [size] => 0
>         )
> )
>
>
> Any suggestions on how to get the uploader working? I have verified that
> the MRIUploadIncomingPath variable is set appropriately and is an existing,
> writable directory. I also am able to successfully upload the same zip file
> from the back end.
>
>
> Thanks,
> Eli
>
>
> Eli Johnson
> Developer/Researcher
> Institute of Child Development
> University of Minnesota
> joh17964 at umn.edu
> _______________________________________________
> Loris-dev mailing list
> Loris-dev at bic.mni.mcgill.ca
> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200724/6fba8cb0/attachment.html>

From joh17964 at umn.edu  Fri Jul 24 12:26:43 2020
From: joh17964 at umn.edu (Eli Johnson)
Date: Fri, 24 Jul 2020 11:26:43 -0500
Subject: [Loris-dev] Imaging Uploader Failing File Verification
In-Reply-To: <CAHaEUvpD-FqzGNchedPxFOR=r-H7A8A9=Mtw=rxhw0ZmyD9UNA@mail.gmail.com>
References: <CAKcpJh4eJvPdrdM1-G5LOrbgzgEq4k+cUTGtmwJrbcB5Bi32WQ@mail.gmail.com>
 <CAHaEUvpD-FqzGNchedPxFOR=r-H7A8A9=Mtw=rxhw0ZmyD9UNA@mail.gmail.com>
Message-ID: <CAKcpJh6BQZRvCeOZvOYXQxUjp22uVT=zG-S1_nk7z77-8ZSE8g@mail.gmail.com>

Hi Nicolas,

I do have a custom path for TMPDIR set in the environment file and I have
confirmed that the directory is writable (by user apache in this case since
OS is RHEL) and has plenty of space.

Where do I find what the upload error code number indicates? I saw that it
was 7 but couldn't find where it was being set or what it meant.

Any other recommendations for debugging this? The error log is sparse and
not particularly helpful here. Should I still be looking in
imaging_uploader.class.inc or is this an issue that begins in a parent
library (ie File_Upload.class.inc)?

Best,
Eli

Eli Johnson
Developer/Researcher
Institute of Child Development
University of Minnesota
joh17964 at umn.edu


On Fri, Jul 24, 2020 at 11:03 AM Nicolas Brossard <
nicolasbrossard.mni at gmail.com> wrote:

> Hi Eli,
>
> Looking at what is being passed to $file->setHandlerArgs, I can see that
> the upload error code is set to 7, which means that the system could not
> copy your file in the temporary directory dedicated to uploading files on
> the server. By default, uploaded files are written in /tmp, but you can
> override this by setting variable TMPDIR in <LORIS_MRI_ROOT>/environment.
> I would check that whichever directory you are uploading to has enough free
> space to allow the upload and that user www-data has write permission on
> that directory.
>
> Let me know if that fixes the issue.
>
> Best,
> Nicolas
>
> On Thu, Jul 23, 2020 at 11:50 PM Eli Johnson <joh17964 at umn.edu> wrote:
>
>> Hi,
>>
>> Using LORIS v23.0 on RHEL 7, accessing LORIS front end from Chrome.
>>
>> I'm currently setting up the LORIS-MRI and imaging modules for LORIS. I
>> am running into an issue with the Imaging Uploader on the front end where
>> it is returning the error message "The file TEST111_986793_testing1.zip
>> is not of type .tgz, .tar.gz or .zip." When checking the error-log from
>> the back end I'm seeing...
>>
>> PHP Warning:  mime_content_type(): Empty filename or path in
>> /<basepath>/modules/imaging_uploader/php/imaging_uploader.class.inc on line
>> 646, referer: http://<site>/imaging_uploader
>>
>>
>> Upon further investigation into imaging_uploader.class.inc, the function
>> isCompressed() is being passed an empty string from isValid(). IsValid is
>> passing it $temp_file, defined in $temp_file=$file->fileInfo['tmp_name'],
>> but this is also an empty string. So I'm trying to figure out at what stage
>> 'tmp_name' should be defined for $file->fileInfo but I am struggling to
>> track it down. I checked what was being passed in $file->setHandlerArgs and
>> it contains this:
>>
>> Array
>> (
>>     [IsPhantom] => N
>>     [candID] => 986793
>>     [pSCID] => TEST111
>>     [visitLabel] => testing1
>>     [mriFile] => Array
>>         (
>>             [name] => TEST111_986793_testing1.zip
>>             [type] =>
>>             [tmp_name] =>
>>             [error] => 7
>>             [size] => 0
>>         )
>> )
>>
>>
>> Any suggestions on how to get the uploader working? I have verified that
>> the MRIUploadIncomingPath variable is set appropriately and is an existing,
>> writable directory. I also am able to successfully upload the same zip file
>> from the back end.
>>
>>
>> Thanks,
>> Eli
>>
>>
>> Eli Johnson
>> Developer/Researcher
>> Institute of Child Development
>> University of Minnesota
>> joh17964 at umn.edu
>> _______________________________________________
>> Loris-dev mailing list
>> Loris-dev at bic.mni.mcgill.ca
>> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200724/2380b195/attachment.html>

From nicolasbrossard.mni at gmail.com  Fri Jul 24 13:18:44 2020
From: nicolasbrossard.mni at gmail.com (Nicolas Brossard)
Date: Fri, 24 Jul 2020 13:18:44 -0400
Subject: [Loris-dev] Imaging Uploader Failing File Verification
In-Reply-To: <CAKcpJh6BQZRvCeOZvOYXQxUjp22uVT=zG-S1_nk7z77-8ZSE8g@mail.gmail.com>
References: <CAKcpJh4eJvPdrdM1-G5LOrbgzgEq4k+cUTGtmwJrbcB5Bi32WQ@mail.gmail.com>
 <CAHaEUvpD-FqzGNchedPxFOR=r-H7A8A9=Mtw=rxhw0ZmyD9UNA@mail.gmail.com>
 <CAKcpJh6BQZRvCeOZvOYXQxUjp22uVT=zG-S1_nk7z77-8ZSE8g@mail.gmail.com>
Message-ID: <CAHaEUvqxL4dok33fWC1BsSQrDqGWLTjPSSgfYj56XXJLV=Pp9A@mail.gmail.com>

Hi Eli,

If you have specified a value for TMPDIR in your environment file, you
should also set the value of variable upload_tmp_dir in your php.ini file,
otherwise the uploader will still use the default system temporary
directory (usually /tmp, which most often than not has limited space).

On Fri, Jul 24, 2020 at 12:26 PM Eli Johnson <joh17964 at umn.edu> wrote:

> Hi Nicolas,
>
> I do have a custom path for TMPDIR set in the environment file and I have
> confirmed that the directory is writable (by user apache in this case since
> OS is RHEL) and has plenty of space.
>
> Where do I find what the upload error code number indicates? I saw that it
> was 7 but couldn't find where it was being set or what it meant.
>
> Any other recommendations for debugging this? The error log is sparse and
> not particularly helpful here. Should I still be looking in
> imaging_uploader.class.inc or is this an issue that begins in a parent
> library (ie File_Upload.class.inc)?
>
> Best,
> Eli
>
> Eli Johnson
> Developer/Researcher
> Institute of Child Development
> University of Minnesota
> joh17964 at umn.edu
>
>
> On Fri, Jul 24, 2020 at 11:03 AM Nicolas Brossard <
> nicolasbrossard.mni at gmail.com> wrote:
>
>> Hi Eli,
>>
>> Looking at what is being passed to $file->setHandlerArgs, I can see that
>> the upload error code is set to 7, which means that the system could not
>> copy your file in the temporary directory dedicated to uploading files on
>> the server. By default, uploaded files are written in /tmp, but you can
>> override this by setting variable TMPDIR in <LORIS_MRI_ROOT>/environment.
>> I would check that whichever directory you are uploading to has enough free
>> space to allow the upload and that user www-data has write permission on
>> that directory.
>>
>> Let me know if that fixes the issue.
>>
>> Best,
>> Nicolas
>>
>> On Thu, Jul 23, 2020 at 11:50 PM Eli Johnson <joh17964 at umn.edu> wrote:
>>
>>> Hi,
>>>
>>> Using LORIS v23.0 on RHEL 7, accessing LORIS front end from Chrome.
>>>
>>> I'm currently setting up the LORIS-MRI and imaging modules for LORIS. I
>>> am running into an issue with the Imaging Uploader on the front end where
>>> it is returning the error message "The file TEST111_986793_testing1.zip
>>> is not of type .tgz, .tar.gz or .zip." When checking the error-log from
>>> the back end I'm seeing...
>>>
>>> PHP Warning:  mime_content_type(): Empty filename or path in
>>> /<basepath>/modules/imaging_uploader/php/imaging_uploader.class.inc on line
>>> 646, referer: http://<site>/imaging_uploader
>>>
>>>
>>> Upon further investigation into imaging_uploader.class.inc, the function
>>> isCompressed() is being passed an empty string from isValid(). IsValid is
>>> passing it $temp_file, defined in $temp_file=$file->fileInfo['tmp_name'],
>>> but this is also an empty string. So I'm trying to figure out at what stage
>>> 'tmp_name' should be defined for $file->fileInfo but I am struggling to
>>> track it down. I checked what was being passed in $file->setHandlerArgs and
>>> it contains this:
>>>
>>> Array
>>> (
>>>     [IsPhantom] => N
>>>     [candID] => 986793
>>>     [pSCID] => TEST111
>>>     [visitLabel] => testing1
>>>     [mriFile] => Array
>>>         (
>>>             [name] => TEST111_986793_testing1.zip
>>>             [type] =>
>>>             [tmp_name] =>
>>>             [error] => 7
>>>             [size] => 0
>>>         )
>>> )
>>>
>>>
>>> Any suggestions on how to get the uploader working? I have verified that
>>> the MRIUploadIncomingPath variable is set appropriately and is an existing,
>>> writable directory. I also am able to successfully upload the same zip file
>>> from the back end.
>>>
>>>
>>> Thanks,
>>> Eli
>>>
>>>
>>> Eli Johnson
>>> Developer/Researcher
>>> Institute of Child Development
>>> University of Minnesota
>>> joh17964 at umn.edu
>>> _______________________________________________
>>> Loris-dev mailing list
>>> Loris-dev at bic.mni.mcgill.ca
>>> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200724/64e76356/attachment-0001.html>

From nicolasbrossard.mni at gmail.com  Fri Jul 24 13:22:45 2020
From: nicolasbrossard.mni at gmail.com (Nicolas Brossard)
Date: Fri, 24 Jul 2020 13:22:45 -0400
Subject: [Loris-dev] Imaging Uploader Failing File Verification
In-Reply-To: <CAHaEUvqxL4dok33fWC1BsSQrDqGWLTjPSSgfYj56XXJLV=Pp9A@mail.gmail.com>
References: <CAKcpJh4eJvPdrdM1-G5LOrbgzgEq4k+cUTGtmwJrbcB5Bi32WQ@mail.gmail.com>
 <CAHaEUvpD-FqzGNchedPxFOR=r-H7A8A9=Mtw=rxhw0ZmyD9UNA@mail.gmail.com>
 <CAKcpJh6BQZRvCeOZvOYXQxUjp22uVT=zG-S1_nk7z77-8ZSE8g@mail.gmail.com>
 <CAHaEUvqxL4dok33fWC1BsSQrDqGWLTjPSSgfYj56XXJLV=Pp9A@mail.gmail.com>
Message-ID: <CAHaEUvoEYVZ7apxRLiynRT8ye__A1eo0G87jXCct9ENbO6eKoA@mail.gmail.com>

Also, here are links for information regarding error code 7:

https://www.php.net/manual/en/features.file-upload.post-method.php
https://www.php.net/manual/en/features.file-upload.errors.php

Hope this helps.

Best,
Nicolas

On Fri, Jul 24, 2020 at 1:18 PM Nicolas Brossard <
nicolasbrossard.mni at gmail.com> wrote:

> Hi Eli,
>
> If you have specified a value for TMPDIR in your environment file, you
> should also set the value of variable upload_tmp_dir in your php.ini
> file, otherwise the uploader will still use the default system temporary
> directory (usually /tmp, which most often than not has limited space).
>
> On Fri, Jul 24, 2020 at 12:26 PM Eli Johnson <joh17964 at umn.edu> wrote:
>
>> Hi Nicolas,
>>
>> I do have a custom path for TMPDIR set in the environment file and I have
>> confirmed that the directory is writable (by user apache in this case since
>> OS is RHEL) and has plenty of space.
>>
>> Where do I find what the upload error code number indicates? I saw that
>> it was 7 but couldn't find where it was being set or what it meant.
>>
>> Any other recommendations for debugging this? The error log is sparse and
>> not particularly helpful here. Should I still be looking in
>> imaging_uploader.class.inc or is this an issue that begins in a parent
>> library (ie File_Upload.class.inc)?
>>
>> Best,
>> Eli
>>
>> Eli Johnson
>> Developer/Researcher
>> Institute of Child Development
>> University of Minnesota
>> joh17964 at umn.edu
>>
>>
>> On Fri, Jul 24, 2020 at 11:03 AM Nicolas Brossard <
>> nicolasbrossard.mni at gmail.com> wrote:
>>
>>> Hi Eli,
>>>
>>> Looking at what is being passed to $file->setHandlerArgs, I can see
>>> that the upload error code is set to 7, which means that the system could
>>> not copy your file in the temporary directory dedicated to uploading files
>>> on the server. By default, uploaded files are written in /tmp, but you
>>> can override this by setting variable TMPDIR in
>>> <LORIS_MRI_ROOT>/environment. I would check that whichever directory
>>> you are uploading to has enough free space to allow the upload and that
>>> user www-data has write permission on that directory.
>>>
>>> Let me know if that fixes the issue.
>>>
>>> Best,
>>> Nicolas
>>>
>>> On Thu, Jul 23, 2020 at 11:50 PM Eli Johnson <joh17964 at umn.edu> wrote:
>>>
>>>> Hi,
>>>>
>>>> Using LORIS v23.0 on RHEL 7, accessing LORIS front end from Chrome.
>>>>
>>>> I'm currently setting up the LORIS-MRI and imaging modules for LORIS. I
>>>> am running into an issue with the Imaging Uploader on the front end where
>>>> it is returning the error message "The
>>>> file TEST111_986793_testing1.zip is not of type .tgz, .tar.gz or .zip."
>>>> When checking the error-log from the back end I'm seeing...
>>>>
>>>> PHP Warning:  mime_content_type(): Empty filename or path in
>>>> /<basepath>/modules/imaging_uploader/php/imaging_uploader.class.inc on line
>>>> 646, referer: http://<site>/imaging_uploader
>>>>
>>>>
>>>> Upon further investigation into imaging_uploader.class.inc, the
>>>> function isCompressed() is being passed an empty string from isValid().
>>>> IsValid is passing it $temp_file, defined in
>>>> $temp_file=$file->fileInfo['tmp_name'], but this is also an
>>>> empty string. So I'm trying to figure out at what stage 'tmp_name' should
>>>> be defined for $file->fileInfo but I am struggling to track it down. I
>>>> checked what was being passed in $file->setHandlerArgs and it contains this:
>>>>
>>>> Array
>>>> (
>>>>     [IsPhantom] => N
>>>>     [candID] => 986793
>>>>     [pSCID] => TEST111
>>>>     [visitLabel] => testing1
>>>>     [mriFile] => Array
>>>>         (
>>>>             [name] => TEST111_986793_testing1.zip
>>>>             [type] =>
>>>>             [tmp_name] =>
>>>>             [error] => 7
>>>>             [size] => 0
>>>>         )
>>>> )
>>>>
>>>>
>>>> Any suggestions on how to get the uploader working? I have verified
>>>> that the MRIUploadIncomingPath variable is set appropriately and is an
>>>> existing, writable directory. I also am able to successfully upload the
>>>> same zip file from the back end.
>>>>
>>>>
>>>> Thanks,
>>>> Eli
>>>>
>>>>
>>>> Eli Johnson
>>>> Developer/Researcher
>>>> Institute of Child Development
>>>> University of Minnesota
>>>> joh17964 at umn.edu
>>>> _______________________________________________
>>>> Loris-dev mailing list
>>>> Loris-dev at bic.mni.mcgill.ca
>>>> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
>>>>
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200724/684b44c4/attachment.html>

From joh17964 at umn.edu  Fri Jul 24 18:44:17 2020
From: joh17964 at umn.edu (Eli Johnson)
Date: Fri, 24 Jul 2020 17:44:17 -0500
Subject: [Loris-dev] Imaging Uploader Failing File Verification
In-Reply-To: <CAHaEUvoEYVZ7apxRLiynRT8ye__A1eo0G87jXCct9ENbO6eKoA@mail.gmail.com>
References: <CAKcpJh4eJvPdrdM1-G5LOrbgzgEq4k+cUTGtmwJrbcB5Bi32WQ@mail.gmail.com>
 <CAHaEUvpD-FqzGNchedPxFOR=r-H7A8A9=Mtw=rxhw0ZmyD9UNA@mail.gmail.com>
 <CAKcpJh6BQZRvCeOZvOYXQxUjp22uVT=zG-S1_nk7z77-8ZSE8g@mail.gmail.com>
 <CAHaEUvqxL4dok33fWC1BsSQrDqGWLTjPSSgfYj56XXJLV=Pp9A@mail.gmail.com>
 <CAHaEUvoEYVZ7apxRLiynRT8ye__A1eo0G87jXCct9ENbO6eKoA@mail.gmail.com>
Message-ID: <CAKcpJh6NhhkgLjqsaZrLJ55uKZG9tu_iYaWvGTcNCqDkmL0c6Q@mail.gmail.com>

Thanks Nicolas,

It looks like the error was that the script was still pulling /tmp as the
directory. To resolve, I set upload_tmp_dir and sys_temp_dir to my custom
path and then set systemd PrivateTmp to false (specific to centos/rhel).

-Eli

Eli Johnson
Developer/Researcher
Institute of Child Development
University of Minnesota
joh17964 at umn.edu


On Fri, Jul 24, 2020 at 12:22 PM Nicolas Brossard <
nicolasbrossard.mni at gmail.com> wrote:

> Also, here are links for information regarding error code 7:
>
> https://www.php.net/manual/en/features.file-upload.post-method.php
> https://www.php.net/manual/en/features.file-upload.errors.php
>
> Hope this helps.
>
> Best,
> Nicolas
>
> On Fri, Jul 24, 2020 at 1:18 PM Nicolas Brossard <
> nicolasbrossard.mni at gmail.com> wrote:
>
>> Hi Eli,
>>
>> If you have specified a value for TMPDIR in your environment file, you
>> should also set the value of variable upload_tmp_dir in your php.ini
>> file, otherwise the uploader will still use the default system temporary
>> directory (usually /tmp, which most often than not has limited space).
>>
>> On Fri, Jul 24, 2020 at 12:26 PM Eli Johnson <joh17964 at umn.edu> wrote:
>>
>>> Hi Nicolas,
>>>
>>> I do have a custom path for TMPDIR set in the environment file and I
>>> have confirmed that the directory is writable (by user apache in this case
>>> since OS is RHEL) and has plenty of space.
>>>
>>> Where do I find what the upload error code number indicates? I saw that
>>> it was 7 but couldn't find where it was being set or what it meant.
>>>
>>> Any other recommendations for debugging this? The error log is sparse
>>> and not particularly helpful here. Should I still be looking in
>>> imaging_uploader.class.inc or is this an issue that begins in a parent
>>> library (ie File_Upload.class.inc)?
>>>
>>> Best,
>>> Eli
>>>
>>> Eli Johnson
>>> Developer/Researcher
>>> Institute of Child Development
>>> University of Minnesota
>>> joh17964 at umn.edu
>>>
>>>
>>> On Fri, Jul 24, 2020 at 11:03 AM Nicolas Brossard <
>>> nicolasbrossard.mni at gmail.com> wrote:
>>>
>>>> Hi Eli,
>>>>
>>>> Looking at what is being passed to $file->setHandlerArgs, I can see
>>>> that the upload error code is set to 7, which means that the system could
>>>> not copy your file in the temporary directory dedicated to uploading files
>>>> on the server. By default, uploaded files are written in /tmp, but you
>>>> can override this by setting variable TMPDIR in
>>>> <LORIS_MRI_ROOT>/environment. I would check that whichever directory
>>>> you are uploading to has enough free space to allow the upload and that
>>>> user www-data has write permission on that directory.
>>>>
>>>> Let me know if that fixes the issue.
>>>>
>>>> Best,
>>>> Nicolas
>>>>
>>>> On Thu, Jul 23, 2020 at 11:50 PM Eli Johnson <joh17964 at umn.edu> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Using LORIS v23.0 on RHEL 7, accessing LORIS front end from Chrome.
>>>>>
>>>>> I'm currently setting up the LORIS-MRI and imaging modules for LORIS.
>>>>> I am running into an issue with the Imaging Uploader on the front end where
>>>>> it is returning the error message "The
>>>>> file TEST111_986793_testing1.zip is not of type .tgz, .tar.gz or .zip."
>>>>> When checking the error-log from the back end I'm seeing...
>>>>>
>>>>> PHP Warning:  mime_content_type(): Empty filename or path in
>>>>> /<basepath>/modules/imaging_uploader/php/imaging_uploader.class.inc on line
>>>>> 646, referer: http://<site>/imaging_uploader
>>>>>
>>>>>
>>>>> Upon further investigation into imaging_uploader.class.inc, the
>>>>> function isCompressed() is being passed an empty string from isValid().
>>>>> IsValid is passing it $temp_file, defined in
>>>>> $temp_file=$file->fileInfo['tmp_name'], but this is also an
>>>>> empty string. So I'm trying to figure out at what stage 'tmp_name' should
>>>>> be defined for $file->fileInfo but I am struggling to track it down. I
>>>>> checked what was being passed in $file->setHandlerArgs and it contains this:
>>>>>
>>>>> Array
>>>>> (
>>>>>     [IsPhantom] => N
>>>>>     [candID] => 986793
>>>>>     [pSCID] => TEST111
>>>>>     [visitLabel] => testing1
>>>>>     [mriFile] => Array
>>>>>         (
>>>>>             [name] => TEST111_986793_testing1.zip
>>>>>             [type] =>
>>>>>             [tmp_name] =>
>>>>>             [error] => 7
>>>>>             [size] => 0
>>>>>         )
>>>>> )
>>>>>
>>>>>
>>>>> Any suggestions on how to get the uploader working? I have verified
>>>>> that the MRIUploadIncomingPath variable is set appropriately and is an
>>>>> existing, writable directory. I also am able to successfully upload the
>>>>> same zip file from the back end.
>>>>>
>>>>>
>>>>> Thanks,
>>>>> Eli
>>>>>
>>>>>
>>>>> Eli Johnson
>>>>> Developer/Researcher
>>>>> Institute of Child Development
>>>>> University of Minnesota
>>>>> joh17964 at umn.edu
>>>>> _______________________________________________
>>>>> Loris-dev mailing list
>>>>> Loris-dev at bic.mni.mcgill.ca
>>>>> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
>>>>>
>>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200724/9cf39c1f/attachment-0001.html>

From pnovak2 at uoregon.edu  Mon Jul 27 11:45:33 2020
From: pnovak2 at uoregon.edu (Paul Novak)
Date: Mon, 27 Jul 2020 15:45:33 +0000
Subject: [Loris-dev] 403 Unauthorized when trying to use imaging_browser
Message-ID: <E235CA9B-7EE7-47D4-AE01-0D39D416EC58@uoregon.edu>

Hello,

After uploading images using the imaging_uploader module, I am trying to view the images through the imaging browser (imaging_browser/viewSession/?sessionID=2). However, that page always returns 403 Unauthorized and displays a standard ?You do not have access to this page? page. I am currently logged in as an admin user to LORIS and the list of permissions have all the permissions for imaging_browser module selected or enabled. The loris-error.log in /var/log/apache2/ doesn?t have any errors at the time I am trying to access this module. I am using LORIS 23.0.1.

How can I view the images? What can I do to further troubleshoot this problem?

Paul

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200727/1a804694/attachment.html>

From cecile.madjar at mcin.ca  Mon Jul 27 12:00:52 2020
From: cecile.madjar at mcin.ca (Cecile Madjar)
Date: Mon, 27 Jul 2020 12:00:52 -0400
Subject: [Loris-dev] 403 Unauthorized when trying to use imaging_browser
In-Reply-To: <E235CA9B-7EE7-47D4-AE01-0D39D416EC58@uoregon.edu>
References: <E235CA9B-7EE7-47D4-AE01-0D39D416EC58@uoregon.edu>
Message-ID: <CAMkiY3doXx5mZCFpiM0g5S9ytoq6n3qA9HNjMx_AZPhjUoUMdg@mail.gmail.com>

Hello Paul,

does your admin user have access to all projects in the table
user_project_rel?

In order for the user to see that page, it needs to have access to the
project of the sessions. We recently added the project layer to LORIS so my
guess would be that your admin user does not have the project of that
session listed in his associated project in user_project_rel.

Hope this helps,

C?cile

On Mon, Jul 27, 2020 at 11:45 AM Paul Novak <pnovak2 at uoregon.edu> wrote:

> Hello,
>
>
>
> After uploading images using the imaging_uploader module, I am trying to
> view the images through the imaging browser
> (imaging_browser/viewSession/?sessionID=2). However, that page always
> returns 403 Unauthorized and displays a standard ?You do not have access to
> this page? page. I am currently logged in as an admin user to LORIS and the
> list of permissions have all the permissions for imaging_browser module
> selected or enabled. The loris-error.log in /var/log/apache2/ doesn?t have
> any errors at the time I am trying to access this module. I am using LORIS
> 23.0.1.
>
>
>
> How can I view the images? What can I do to further troubleshoot this
> problem?
>
>
>
> Paul
>
>
> _______________________________________________
> Loris-dev mailing list
> Loris-dev at bic.mni.mcgill.ca
> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200727/f0e07de9/attachment.html>

From pnovak2 at uoregon.edu  Mon Jul 27 12:16:38 2020
From: pnovak2 at uoregon.edu (Paul Novak)
Date: Mon, 27 Jul 2020 16:16:38 +0000
Subject: [Loris-dev] 403 Unauthorized when trying to use imaging_browser
In-Reply-To: <CAMkiY3doXx5mZCFpiM0g5S9ytoq6n3qA9HNjMx_AZPhjUoUMdg@mail.gmail.com>
References: <E235CA9B-7EE7-47D4-AE01-0D39D416EC58@uoregon.edu>
 <CAMkiY3doXx5mZCFpiM0g5S9ytoq6n3qA9HNjMx_AZPhjUoUMdg@mail.gmail.com>
Message-ID: <DB9A314B-2B0D-4441-A6C8-FC0559EB7642@uoregon.edu>

I don?t understand what is meant by recent. This is a new installation using a released version.

There is a single project and a single user.  The entire contents of user_project_rel are:

?select * from user_project_rel;
+--------+-----------+
| UserID | ProjectID |
+--------+-----------+
|      1 |         1 |
+--------+-----------+

Paul

From: Cecile Madjar <cecile.madjar at mcin.ca>
Date: Monday, July 27, 2020 at 9:01 AM
To: Paul Novak <pnovak2 at uoregon.edu>
Cc: "loris-dev at bic.mni.mcgill.ca" <loris-dev at bic.mni.mcgill.ca>
Subject: Re: [Loris-dev] 403 Unauthorized when trying to use imaging_browser

Hello Paul,

does your admin user have access to all projects in the table user_project_rel?

In order for the user to see that page, it needs to have access to the project of the sessions. We recently added the project layer to LORIS so my guess would be that your admin user does not have the project of that session listed in his associated project in user_project_rel.

Hope this helps,

C?cile

On Mon, Jul 27, 2020 at 11:45 AM Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>> wrote:
Hello,

After uploading images using the imaging_uploader module, I am trying to view the images through the imaging browser (imaging_browser/viewSession/?sessionID=2). However, that page always returns 403 Unauthorized and displays a standard ?You do not have access to this page? page. I am currently logged in as an admin user to LORIS and the list of permissions have all the permissions for imaging_browser module selected or enabled. The loris-error.log in /var/log/apache2/ doesn?t have any errors at the time I am trying to access this module. I am using LORIS 23.0.1.

How can I view the images? What can I do to further troubleshoot this problem?

Paul

_______________________________________________
Loris-dev mailing list
Loris-dev at bic.mni.mcgill.ca<mailto:Loris-dev at bic.mni.mcgill.ca>
https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev<https://urldefense.com/v3/__https:/mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev__;!!C5qS4YX3!RaUzKf_Ejz14svGcpy9OTpb33FxMa3Q_EYqoakIc0ZWCERS9DVPy5AAlZpVsQM0YeUQ$>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200727/9db2f5ba/attachment.html>

From dave.macfarlane at mcin.ca  Mon Jul 27 12:58:07 2020
From: dave.macfarlane at mcin.ca (Dave MacFarlane)
Date: Mon, 27 Jul 2020 12:58:07 -0400
Subject: [Loris-dev] 403 Unauthorized when trying to use imaging_browser
In-Reply-To: <DB9A314B-2B0D-4441-A6C8-FC0559EB7642@uoregon.edu>
References: <E235CA9B-7EE7-47D4-AE01-0D39D416EC58@uoregon.edu>
 <CAMkiY3doXx5mZCFpiM0g5S9ytoq6n3qA9HNjMx_AZPhjUoUMdg@mail.gmail.com>
 <DB9A314B-2B0D-4441-A6C8-FC0559EB7642@uoregon.edu>
Message-ID: <CAN9cDwFch_pZmBDBswDFjz39R8kw6ek+V62TOBioWEfXJ5kx1A@mail.gmail.com>

Hi Paul,

The permissions for the imaging_browser are fairly complex because of the
interactions between all site/own site/project/entity type permissions.

If it's not production and you can modify the code, it might help to add
error_log statements (which will print to your apache error log) in the
function _hasAccess
in modules/imaging_browser/php/viewsession.class.inc in order to narrow
down exactly part of the criteria is causing it to return false.

If you can't add debug statements, can you check:

1. Is the candidate a Human or Scanner entity type? (The query select
Entity_type FROM session JOIN candidate USING (CandID) Where session.ID=2
will tell you)
2. What is the project and site of the session? (SELECT ProjectID, CenterID
FROM session WHERE ID=2)
3. What permissions does the user have in user_perm_rel? (The ones required
will vary based on the results of the above queries)
4. What sites does the user have in user_psc_rel?
5. Are you sure that the user ID of the user is "1" (since that was the
only user_project_rel permission result in your query..)?

On Mon, Jul 27, 2020 at 12:19 PM Paul Novak <pnovak2 at uoregon.edu> wrote:

> I don?t understand what is meant by recent. This is a new installation
> using a released version.
>
>
>
> There is a single project and a single user.  The entire contents of
> user_project_rel are:
>
>
>
> ?select * from user_project_rel;
>
> +--------+-----------+
>
> | UserID | ProjectID |
>
> +--------+-----------+
>
> |      1 |         1 |
>
> +--------+-----------+
>
>
>
> Paul
>
>
>
> *From: *Cecile Madjar <cecile.madjar at mcin.ca>
> *Date: *Monday, July 27, 2020 at 9:01 AM
> *To: *Paul Novak <pnovak2 at uoregon.edu>
> *Cc: *"loris-dev at bic.mni.mcgill.ca" <loris-dev at bic.mni.mcgill.ca>
> *Subject: *Re: [Loris-dev] 403 Unauthorized when trying to use
> imaging_browser
>
>
>
> Hello Paul,
>
>
>
> does your admin user have access to all projects in the table
> user_project_rel?
>
>
>
> In order for the user to see that page, it needs to have access to the
> project of the sessions. We recently added the project layer to LORIS so my
> guess would be that your admin user does not have the project of that
> session listed in his associated project in user_project_rel.
>
>
>
> Hope this helps,
>
>
>
> C?cile
>
>
>
> On Mon, Jul 27, 2020 at 11:45 AM Paul Novak <pnovak2 at uoregon.edu> wrote:
>
> Hello,
>
>
>
> After uploading images using the imaging_uploader module, I am trying to
> view the images through the imaging browser
> (imaging_browser/viewSession/?sessionID=2). However, that page always
> returns 403 Unauthorized and displays a standard ?You do not have access to
> this page? page. I am currently logged in as an admin user to LORIS and the
> list of permissions have all the permissions for imaging_browser module
> selected or enabled. The loris-error.log in /var/log/apache2/ doesn?t have
> any errors at the time I am trying to access this module. I am using LORIS
> 23.0.1.
>
>
>
> How can I view the images? What can I do to further troubleshoot this
> problem?
>
>
>
> Paul
>
>
>
> _______________________________________________
> Loris-dev mailing list
> Loris-dev at bic.mni.mcgill.ca
> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
> <https://urldefense.com/v3/__https:/mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev__;!!C5qS4YX3!RaUzKf_Ejz14svGcpy9OTpb33FxMa3Q_EYqoakIc0ZWCERS9DVPy5AAlZpVsQM0YeUQ$>
>
> _______________________________________________
> Loris-dev mailing list
> Loris-dev at bic.mni.mcgill.ca
> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200727/170adf59/attachment-0001.html>

From pnovak2 at uoregon.edu  Mon Jul 27 13:21:45 2020
From: pnovak2 at uoregon.edu (Paul Novak)
Date: Mon, 27 Jul 2020 17:21:45 +0000
Subject: [Loris-dev] 403 Unauthorized when trying to use imaging_browser
In-Reply-To: <CAN9cDwFch_pZmBDBswDFjz39R8kw6ek+V62TOBioWEfXJ5kx1A@mail.gmail.com>
References: <E235CA9B-7EE7-47D4-AE01-0D39D416EC58@uoregon.edu>
 <CAMkiY3doXx5mZCFpiM0g5S9ytoq6n3qA9HNjMx_AZPhjUoUMdg@mail.gmail.com>
 <DB9A314B-2B0D-4441-A6C8-FC0559EB7642@uoregon.edu>
 <CAN9cDwFch_pZmBDBswDFjz39R8kw6ek+V62TOBioWEfXJ5kx1A@mail.gmail.com>
Message-ID: <C2EF9866-485F-410F-9B98-16CD61DF96CA@uoregon.edu>

I am not able to edit as suggested.

For the other checks:

  1.  Human
  2.  ProjectID = 1, CenterID = 2
  3.  The user with userID 1 has permissions [1,20] [22,25], [28,65]. Put another way, the user has all permissions from 1 to 65, except the user does not have permissions with IDs 21, 26 or 27. The missing permissions appear to not exist (from permissions table).
  4.  User with userID 1 has CenterID 1 and 2, from table user_psc_rel.
  5.  Yes.

I am guessing that you are trying to determine if the user has the site that the session is associated with, which it appears to be, and if the user has permissions to use imaging_browser, which I think it does. Following the module documentation: https://github.com/aces/Loris/tree/main/modules/imaging_browser, this user has permissions:

imaging_browser_view_allsites (View all-sites Imaging Browser pages
imaging_browser_view_site (View own-site Imaging Browser pages)
imaging_browser_phantom_allsites (Can access only phantom data from all sites in Imaging Browser
imaging_browser_phantom_ownsite (Can access only phantom data from own site in Imaging Browser
imaging_browser_qc (Edit imaging browser QC status)
Paul

From: Dave MacFarlane <dave.macfarlane at mcin.ca>
Date: Monday, July 27, 2020 at 9:58 AM
To: Paul Novak <pnovak2 at uoregon.edu>
Cc: Cecile Madjar <cecile.madjar at mcin.ca>, "loris-dev at bic.mni.mcgill.ca" <loris-dev at bic.mni.mcgill.ca>
Subject: Re: [Loris-dev] 403 Unauthorized when trying to use imaging_browser

Hi Paul,

The permissions for the imaging_browser are fairly complex because of the interactions between all site/own site/project/entity type permissions.

If it's not production and you can modify the code, it might help to add error_log statements (which will print to your apache error log) in the function _hasAccess
in modules/imaging_browser/php/viewsession.class.inc in order to narrow down exactly part of the criteria is causing it to return false.

If you can't add debug statements, can you check:

1. Is the candidate a Human or Scanner entity type? (The query select Entity_type FROM session JOIN candidate USING (CandID) Where session.ID=2 will tell you)
2. What is the project and site of the session? (SELECT ProjectID, CenterID FROM session WHERE ID=2)
3. What permissions does the user have in user_perm_rel? (The ones required will vary based on the results of the above queries)
4. What sites does the user have in user_psc_rel?
5. Are you sure that the user ID of the user is "1" (since that was the only user_project_rel permission result in your query..)?

On Mon, Jul 27, 2020 at 12:19 PM Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>> wrote:
I don?t understand what is meant by recent. This is a new installation using a released version.

There is a single project and a single user.  The entire contents of user_project_rel are:

select * from user_project_rel;
+--------+-----------+
| UserID | ProjectID |
+--------+-----------+
|      1 |         1 |
+--------+-----------+

Paul

From: Cecile Madjar <cecile.madjar at mcin.ca<mailto:cecile.madjar at mcin.ca>>
Date: Monday, July 27, 2020 at 9:01 AM
To: Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>>
Cc: "loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>" <loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>>
Subject: Re: [Loris-dev] 403 Unauthorized when trying to use imaging_browser

Hello Paul,

does your admin user have access to all projects in the table user_project_rel?

In order for the user to see that page, it needs to have access to the project of the sessions. We recently added the project layer to LORIS so my guess would be that your admin user does not have the project of that session listed in his associated project in user_project_rel.

Hope this helps,

C?cile

On Mon, Jul 27, 2020 at 11:45 AM Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>> wrote:
Hello,

After uploading images using the imaging_uploader module, I am trying to view the images through the imaging browser (imaging_browser/viewSession/?sessionID=2). However, that page always returns 403 Unauthorized and displays a standard ?You do not have access to this page? page. I am currently logged in as an admin user to LORIS and the list of permissions have all the permissions for imaging_browser module selected or enabled. The loris-error.log in /var/log/apache2/ doesn?t have any errors at the time I am trying to access this module. I am using LORIS 23.0.1.

How can I view the images? What can I do to further troubleshoot this problem?

Paul

_______________________________________________
Loris-dev mailing list
Loris-dev at bic.mni.mcgill.ca<mailto:Loris-dev at bic.mni.mcgill.ca>
https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev<https://urldefense.com/v3/__https:/mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev__;!!C5qS4YX3!RaUzKf_Ejz14svGcpy9OTpb33FxMa3Q_EYqoakIc0ZWCERS9DVPy5AAlZpVsQM0YeUQ$>
_______________________________________________
Loris-dev mailing list
Loris-dev at bic.mni.mcgill.ca<mailto:Loris-dev at bic.mni.mcgill.ca>
https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev<https://urldefense.com/v3/__https:/mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev__;!!C5qS4YX3!VlUQsuvElQeJl7SvZ5k1KYoB45nhq6LbALY-SXFa_kZsVkt1i7sRv0_Ougf72vFJDjs$>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200727/83e70ed7/attachment-0001.html>

From dave.macfarlane at mcin.ca  Mon Jul 27 13:41:16 2020
From: dave.macfarlane at mcin.ca (Dave MacFarlane)
Date: Mon, 27 Jul 2020 13:41:16 -0400
Subject: [Loris-dev] 403 Unauthorized when trying to use imaging_browser
In-Reply-To: <C2EF9866-485F-410F-9B98-16CD61DF96CA@uoregon.edu>
References: <E235CA9B-7EE7-47D4-AE01-0D39D416EC58@uoregon.edu>
 <CAMkiY3doXx5mZCFpiM0g5S9ytoq6n3qA9HNjMx_AZPhjUoUMdg@mail.gmail.com>
 <DB9A314B-2B0D-4441-A6C8-FC0559EB7642@uoregon.edu>
 <CAN9cDwFch_pZmBDBswDFjz39R8kw6ek+V62TOBioWEfXJ5kx1A@mail.gmail.com>
 <C2EF9866-485F-410F-9B98-16CD61DF96CA@uoregon.edu>
Message-ID: <CAN9cDwHbiaCAEWRXnHGjifZmqN6nAy_K_pOPVL1n0P3S1zvpKQ@mail.gmail.com>

I was trying to determine which code path the hasAccess function is going
down to trace through the code manually, but I was mistaken about the
project. The access function seems to use the candidate's registration
project, not the session's project.

Based on it being 'Human' and the user having
'imaging_browser_view_allsites' it's still possible for the
$user->hasProject check (which is enforced regardless of the
site permission) to fail.

Can you check the candidate's RegistrationProjectID? SELECT
c.RegistrationProjectID from candidate c JOIN session s USING (CandID)
WHERE s.ID=2

On Mon, Jul 27, 2020 at 1:21 PM Paul Novak <pnovak2 at uoregon.edu> wrote:

> I am not able to edit as suggested.
>
>
>
> For the other checks:
>
>    1. Human
>    2. ProjectID = 1, CenterID = 2
>    3. The user with userID 1 has permissions [1,20] [22,25], [28,65]. Put
>    another way, the user has all permissions from 1 to 65, except the user
>    does not have permissions with IDs 21, 26 or 27. The missing permissions
>    appear to not exist (from permissions table).
>    4. User with userID 1 has CenterID 1 and 2, from table user_psc_rel.
>    5. Yes.
>
>
>
> I am guessing that you are trying to determine if the user has the site
> that the session is associated with, which it appears to be, and if the
> user has permissions to use imaging_browser, which I think it does.
> Following the module documentation:
> https://github.com/aces/Loris/tree/main/modules/imaging_browser, this
> user has permissions:
>
> imaging_browser_view_allsites (View all-sites Imaging Browser pages
> imaging_browser_view_site (View own-site Imaging Browser pages)
> imaging_browser_phantom_allsites (Can access only phantom data from all
> sites in Imaging Browser
> imaging_browser_phantom_ownsite (Can access only phantom data from own
> site in Imaging Browser
> imaging_browser_qc (Edit imaging browser QC status)
>
> Paul
>
>
>
> *From: *Dave MacFarlane <dave.macfarlane at mcin.ca>
> *Date: *Monday, July 27, 2020 at 9:58 AM
> *To: *Paul Novak <pnovak2 at uoregon.edu>
> *Cc: *Cecile Madjar <cecile.madjar at mcin.ca>, "loris-dev at bic.mni.mcgill.ca"
> <loris-dev at bic.mni.mcgill.ca>
> *Subject: *Re: [Loris-dev] 403 Unauthorized when trying to use
> imaging_browser
>
>
>
> Hi Paul,
>
>
>
> The permissions for the imaging_browser are fairly complex because of the
> interactions between all site/own site/project/entity type permissions.
>
>
>
> If it's not production and you can modify the code, it might help to add
> error_log statements (which will print to your apache error log) in the
> function _hasAccess
>
> in modules/imaging_browser/php/viewsession.class.inc in order to narrow
> down exactly part of the criteria is causing it to return false.
>
>
>
> If you can't add debug statements, can you check:
>
>
>
> 1. Is the candidate a Human or Scanner entity type? (The query select
> Entity_type FROM session JOIN candidate USING (CandID) Where session.ID=2
> will tell you)
>
> 2. What is the project and site of the session? (SELECT ProjectID,
> CenterID FROM session WHERE ID=2)
>
> 3. What permissions does the user have in user_perm_rel? (The ones
> required will vary based on the results of the above queries)
>
> 4. What sites does the user have in user_psc_rel?
>
> 5. Are you sure that the user ID of the user is "1" (since that was the
> only user_project_rel permission result in your query..)?
>
>
>
> On Mon, Jul 27, 2020 at 12:19 PM Paul Novak <pnovak2 at uoregon.edu> wrote:
>
> I don?t understand what is meant by recent. This is a new installation
> using a released version.
>
>
>
> There is a single project and a single user.  The entire contents of
> user_project_rel are:
>
>
>
> select * from user_project_rel;
>
> +--------+-----------+
>
> | UserID | ProjectID |
>
> +--------+-----------+
>
> |      1 |         1 |
>
> +--------+-----------+
>
>
>
> Paul
>
>
>
> *From: *Cecile Madjar <cecile.madjar at mcin.ca>
> *Date: *Monday, July 27, 2020 at 9:01 AM
> *To: *Paul Novak <pnovak2 at uoregon.edu>
> *Cc: *"loris-dev at bic.mni.mcgill.ca" <loris-dev at bic.mni.mcgill.ca>
> *Subject: *Re: [Loris-dev] 403 Unauthorized when trying to use
> imaging_browser
>
>
>
> Hello Paul,
>
>
>
> does your admin user have access to all projects in the table
> user_project_rel?
>
>
>
> In order for the user to see that page, it needs to have access to the
> project of the sessions. We recently added the project layer to LORIS so my
> guess would be that your admin user does not have the project of that
> session listed in his associated project in user_project_rel.
>
>
>
> Hope this helps,
>
>
>
> C?cile
>
>
>
> On Mon, Jul 27, 2020 at 11:45 AM Paul Novak <pnovak2 at uoregon.edu> wrote:
>
> Hello,
>
>
>
> After uploading images using the imaging_uploader module, I am trying to
> view the images through the imaging browser
> (imaging_browser/viewSession/?sessionID=2). However, that page always
> returns 403 Unauthorized and displays a standard ?You do not have access to
> this page? page. I am currently logged in as an admin user to LORIS and the
> list of permissions have all the permissions for imaging_browser module
> selected or enabled. The loris-error.log in /var/log/apache2/ doesn?t have
> any errors at the time I am trying to access this module. I am using LORIS
> 23.0.1.
>
>
>
> How can I view the images? What can I do to further troubleshoot this
> problem?
>
>
>
> Paul
>
>
>
> _______________________________________________
> Loris-dev mailing list
> Loris-dev at bic.mni.mcgill.ca
> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
> <https://urldefense.com/v3/__https:/mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev__;!!C5qS4YX3!RaUzKf_Ejz14svGcpy9OTpb33FxMa3Q_EYqoakIc0ZWCERS9DVPy5AAlZpVsQM0YeUQ$>
>
> _______________________________________________
> Loris-dev mailing list
> Loris-dev at bic.mni.mcgill.ca
> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
> <https://urldefense.com/v3/__https:/mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev__;!!C5qS4YX3!VlUQsuvElQeJl7SvZ5k1KYoB45nhq6LbALY-SXFa_kZsVkt1i7sRv0_Ougf72vFJDjs$>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200727/05765a60/attachment.html>

From pnovak2 at uoregon.edu  Mon Jul 27 13:44:11 2020
From: pnovak2 at uoregon.edu (Paul Novak)
Date: Mon, 27 Jul 2020 17:44:11 +0000
Subject: [Loris-dev] 403 Unauthorized when trying to use imaging_browser
In-Reply-To: <CAN9cDwHbiaCAEWRXnHGjifZmqN6nAy_K_pOPVL1n0P3S1zvpKQ@mail.gmail.com>
References: <E235CA9B-7EE7-47D4-AE01-0D39D416EC58@uoregon.edu>
 <CAMkiY3doXx5mZCFpiM0g5S9ytoq6n3qA9HNjMx_AZPhjUoUMdg@mail.gmail.com>
 <DB9A314B-2B0D-4441-A6C8-FC0559EB7642@uoregon.edu>
 <CAN9cDwFch_pZmBDBswDFjz39R8kw6ek+V62TOBioWEfXJ5kx1A@mail.gmail.com>
 <C2EF9866-485F-410F-9B98-16CD61DF96CA@uoregon.edu>
 <CAN9cDwHbiaCAEWRXnHGjifZmqN6nAy_K_pOPVL1n0P3S1zvpKQ@mail.gmail.com>
Message-ID: <E5E0B74B-58BF-4EEF-8383-2F54826218C5@uoregon.edu>

The result of that query is:

?SELECT c.RegistrationProjectID from candidate c JOIN session s USING (CandID) WHERE s.ID=2;
+-----------------------+
| RegistrationProjectID |
+-----------------------+
|                     2 |
+-----------------------+

Paul

From: Dave MacFarlane <dave.macfarlane at mcin.ca>
Date: Monday, July 27, 2020 at 10:41 AM
To: Paul Novak <pnovak2 at uoregon.edu>
Cc: Cecile Madjar <cecile.madjar at mcin.ca>, "loris-dev at bic.mni.mcgill.ca" <loris-dev at bic.mni.mcgill.ca>
Subject: Re: [Loris-dev] 403 Unauthorized when trying to use imaging_browser

I was trying to determine which code path the hasAccess function is going down to trace through the code manually, but I was mistaken about the project. The access function seems to use the candidate's registration project, not the session's project.

Based on it being 'Human' and the user having 'imaging_browser_view_allsites' it's still possible for the  $user->hasProject check (which is enforced regardless of the
site permission) to fail.

Can you check the candidate's RegistrationProjectID? SELECT c.RegistrationProjectID from candidate c JOIN session s USING (CandID) WHERE s.ID=2

On Mon, Jul 27, 2020 at 1:21 PM Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>> wrote:
I am not able to edit as suggested.

For the other checks:

  1.  Human
  2.  ProjectID = 1, CenterID = 2
  3.  The user with userID 1 has permissions [1,20] [22,25], [28,65]. Put another way, the user has all permissions from 1 to 65, except the user does not have permissions with IDs 21, 26 or 27. The missing permissions appear to not exist (from permissions table).
  4.  User with userID 1 has CenterID 1 and 2, from table user_psc_rel.
  5.  Yes.

I am guessing that you are trying to determine if the user has the site that the session is associated with, which it appears to be, and if the user has permissions to use imaging_browser, which I think it does. Following the module documentation: https://github.com/aces/Loris/tree/main/modules/imaging_browser<https://urldefense.com/v3/__https:/github.com/aces/Loris/tree/main/modules/imaging_browser__;!!C5qS4YX3!VrcBLT8Jq9zDw4cTtp1WcF0RDpwQZKmf65G7SB88Qh-kK54-9JUASHCPaVzoY5LroS4$>, this user has permissions:

imaging_browser_view_allsites (View all-sites Imaging Browser pages
imaging_browser_view_site (View own-site Imaging Browser pages)
imaging_browser_phantom_allsites (Can access only phantom data from all sites in Imaging Browser
imaging_browser_phantom_ownsite (Can access only phantom data from own site in Imaging Browser
imaging_browser_qc (Edit imaging browser QC status)
Paul

From: Dave MacFarlane <dave.macfarlane at mcin.ca<mailto:dave.macfarlane at mcin.ca>>
Date: Monday, July 27, 2020 at 9:58 AM
To: Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>>
Cc: Cecile Madjar <cecile.madjar at mcin.ca<mailto:cecile.madjar at mcin.ca>>, "loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>" <loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>>
Subject: Re: [Loris-dev] 403 Unauthorized when trying to use imaging_browser

Hi Paul,

The permissions for the imaging_browser are fairly complex because of the interactions between all site/own site/project/entity type permissions.

If it's not production and you can modify the code, it might help to add error_log statements (which will print to your apache error log) in the function _hasAccess
in modules/imaging_browser/php/viewsession.class.inc in order to narrow down exactly part of the criteria is causing it to return false.

If you can't add debug statements, can you check:

1. Is the candidate a Human or Scanner entity type? (The query select Entity_type FROM session JOIN candidate USING (CandID) Where session.ID=2 will tell you)
2. What is the project and site of the session? (SELECT ProjectID, CenterID FROM session WHERE ID=2)
3. What permissions does the user have in user_perm_rel? (The ones required will vary based on the results of the above queries)
4. What sites does the user have in user_psc_rel?
5. Are you sure that the user ID of the user is "1" (since that was the only user_project_rel permission result in your query..)?

On Mon, Jul 27, 2020 at 12:19 PM Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>> wrote:
I don?t understand what is meant by recent. This is a new installation using a released version.

There is a single project and a single user.  The entire contents of user_project_rel are:

select * from user_project_rel;
+--------+-----------+
| UserID | ProjectID |
+--------+-----------+
|      1 |         1 |
+--------+-----------+

Paul

From: Cecile Madjar <cecile.madjar at mcin.ca<mailto:cecile.madjar at mcin.ca>>
Date: Monday, July 27, 2020 at 9:01 AM
To: Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>>
Cc: "loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>" <loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>>
Subject: Re: [Loris-dev] 403 Unauthorized when trying to use imaging_browser

Hello Paul,

does your admin user have access to all projects in the table user_project_rel?

In order for the user to see that page, it needs to have access to the project of the sessions. We recently added the project layer to LORIS so my guess would be that your admin user does not have the project of that session listed in his associated project in user_project_rel.

Hope this helps,

C?cile

On Mon, Jul 27, 2020 at 11:45 AM Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>> wrote:
Hello,

After uploading images using the imaging_uploader module, I am trying to view the images through the imaging browser (imaging_browser/viewSession/?sessionID=2). However, that page always returns 403 Unauthorized and displays a standard ?You do not have access to this page? page. I am currently logged in as an admin user to LORIS and the list of permissions have all the permissions for imaging_browser module selected or enabled. The loris-error.log in /var/log/apache2/ doesn?t have any errors at the time I am trying to access this module. I am using LORIS 23.0.1.

How can I view the images? What can I do to further troubleshoot this problem?

Paul

_______________________________________________
Loris-dev mailing list
Loris-dev at bic.mni.mcgill.ca<mailto:Loris-dev at bic.mni.mcgill.ca>
https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev<https://urldefense.com/v3/__https:/mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev__;!!C5qS4YX3!RaUzKf_Ejz14svGcpy9OTpb33FxMa3Q_EYqoakIc0ZWCERS9DVPy5AAlZpVsQM0YeUQ$>
_______________________________________________
Loris-dev mailing list
Loris-dev at bic.mni.mcgill.ca<mailto:Loris-dev at bic.mni.mcgill.ca>
https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev<https://urldefense.com/v3/__https:/mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev__;!!C5qS4YX3!VlUQsuvElQeJl7SvZ5k1KYoB45nhq6LbALY-SXFa_kZsVkt1i7sRv0_Ougf72vFJDjs$>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200727/56895a92/attachment-0001.html>

From dave.macfarlane at mcin.ca  Mon Jul 27 14:00:20 2020
From: dave.macfarlane at mcin.ca (Dave MacFarlane)
Date: Mon, 27 Jul 2020 14:00:20 -0400
Subject: [Loris-dev] 403 Unauthorized when trying to use imaging_browser
In-Reply-To: <E5E0B74B-58BF-4EEF-8383-2F54826218C5@uoregon.edu>
References: <E235CA9B-7EE7-47D4-AE01-0D39D416EC58@uoregon.edu>
 <CAMkiY3doXx5mZCFpiM0g5S9ytoq6n3qA9HNjMx_AZPhjUoUMdg@mail.gmail.com>
 <DB9A314B-2B0D-4441-A6C8-FC0559EB7642@uoregon.edu>
 <CAN9cDwFch_pZmBDBswDFjz39R8kw6ek+V62TOBioWEfXJ5kx1A@mail.gmail.com>
 <C2EF9866-485F-410F-9B98-16CD61DF96CA@uoregon.edu>
 <CAN9cDwHbiaCAEWRXnHGjifZmqN6nAy_K_pOPVL1n0P3S1zvpKQ@mail.gmail.com>
 <E5E0B74B-58BF-4EEF-8383-2F54826218C5@uoregon.edu>
Message-ID: <CAN9cDwH3EsmcvG_t1bOOewV6xvwya-gjbtP7W2eeY_g8Tk7n+w@mail.gmail.com>

That seems to be the cause of the problem, your user isn't affiliated with
Project 2. Cecile's first hunch was right, but it's using the candidate's
registration project, not the session. I think there's 2 issues:

1. I don't know why it's checking the candidate's registrationProjectID and
not the session's projectID. This is a bug that we should fix in LORIS.
2. Your admin user should probably have access to ProjectID 2. You can
adjust the project affiliations either in the user_accounts module or in the
backend, if they are indeed supposed to be affiliated with that project.

On Mon, Jul 27, 2020 at 1:44 PM Paul Novak <pnovak2 at uoregon.edu> wrote:

> The result of that query is:
>
>
>
> ?SELECT c.RegistrationProjectID from candidate c JOIN session s USING
> (CandID) WHERE s.ID=2;
>
> +-----------------------+
>
> | RegistrationProjectID |
>
> +-----------------------+
>
> |                     2 |
>
> +-----------------------+
>
>
>
> Paul
>
>
>
> *From: *Dave MacFarlane <dave.macfarlane at mcin.ca>
> *Date: *Monday, July 27, 2020 at 10:41 AM
> *To: *Paul Novak <pnovak2 at uoregon.edu>
> *Cc: *Cecile Madjar <cecile.madjar at mcin.ca>, "loris-dev at bic.mni.mcgill.ca"
> <loris-dev at bic.mni.mcgill.ca>
> *Subject: *Re: [Loris-dev] 403 Unauthorized when trying to use
> imaging_browser
>
>
>
> I was trying to determine which code path the hasAccess function is going
> down to trace through the code manually, but I was mistaken about the
> project. The access function seems to use the candidate's registration
> project, not the session's project.
>
>
>
> Based on it being 'Human' and the user having
> 'imaging_browser_view_allsites' it's still possible for the
> $user->hasProject check (which is enforced regardless of the
>
> site permission) to fail.
>
>
>
> Can you check the candidate's RegistrationProjectID? SELECT
> c.RegistrationProjectID from candidate c JOIN session s USING (CandID)
> WHERE s.ID=2
>
>
>
> On Mon, Jul 27, 2020 at 1:21 PM Paul Novak <pnovak2 at uoregon.edu> wrote:
>
> I am not able to edit as suggested.
>
>
>
> For the other checks:
>
>    1. Human
>    2. ProjectID = 1, CenterID = 2
>    3. The user with userID 1 has permissions [1,20] [22,25], [28,65]. Put
>    another way, the user has all permissions from 1 to 65, except the user
>    does not have permissions with IDs 21, 26 or 27. The missing permissions
>    appear to not exist (from permissions table).
>    4. User with userID 1 has CenterID 1 and 2, from table user_psc_rel.
>    5. Yes.
>
>
>
> I am guessing that you are trying to determine if the user has the site
> that the session is associated with, which it appears to be, and if the
> user has permissions to use imaging_browser, which I think it does.
> Following the module documentation:
> https://github.com/aces/Loris/tree/main/modules/imaging_browser
> <https://urldefense.com/v3/__https:/github.com/aces/Loris/tree/main/modules/imaging_browser__;!!C5qS4YX3!VrcBLT8Jq9zDw4cTtp1WcF0RDpwQZKmf65G7SB88Qh-kK54-9JUASHCPaVzoY5LroS4$>,
> this user has permissions:
>
> imaging_browser_view_allsites (View all-sites Imaging Browser pages
> imaging_browser_view_site (View own-site Imaging Browser pages)
> imaging_browser_phantom_allsites (Can access only phantom data from all
> sites in Imaging Browser
> imaging_browser_phantom_ownsite (Can access only phantom data from own
> site in Imaging Browser
> imaging_browser_qc (Edit imaging browser QC status)
>
> Paul
>
>
>
> *From: *Dave MacFarlane <dave.macfarlane at mcin.ca>
> *Date: *Monday, July 27, 2020 at 9:58 AM
> *To: *Paul Novak <pnovak2 at uoregon.edu>
> *Cc: *Cecile Madjar <cecile.madjar at mcin.ca>, "loris-dev at bic.mni.mcgill.ca"
> <loris-dev at bic.mni.mcgill.ca>
> *Subject: *Re: [Loris-dev] 403 Unauthorized when trying to use
> imaging_browser
>
>
>
> Hi Paul,
>
>
>
> The permissions for the imaging_browser are fairly complex because of the
> interactions between all site/own site/project/entity type permissions.
>
>
>
> If it's not production and you can modify the code, it might help to add
> error_log statements (which will print to your apache error log) in the
> function _hasAccess
>
> in modules/imaging_browser/php/viewsession.class.inc in order to narrow
> down exactly part of the criteria is causing it to return false.
>
>
>
> If you can't add debug statements, can you check:
>
>
>
> 1. Is the candidate a Human or Scanner entity type? (The query select
> Entity_type FROM session JOIN candidate USING (CandID) Where session.ID=2
> will tell you)
>
> 2. What is the project and site of the session? (SELECT ProjectID,
> CenterID FROM session WHERE ID=2)
>
> 3. What permissions does the user have in user_perm_rel? (The ones
> required will vary based on the results of the above queries)
>
> 4. What sites does the user have in user_psc_rel?
>
> 5. Are you sure that the user ID of the user is "1" (since that was the
> only user_project_rel permission result in your query..)?
>
>
>
> On Mon, Jul 27, 2020 at 12:19 PM Paul Novak <pnovak2 at uoregon.edu> wrote:
>
> I don?t understand what is meant by recent. This is a new installation
> using a released version.
>
>
>
> There is a single project and a single user.  The entire contents of
> user_project_rel are:
>
>
>
> select * from user_project_rel;
>
> +--------+-----------+
>
> | UserID | ProjectID |
>
> +--------+-----------+
>
> |      1 |         1 |
>
> +--------+-----------+
>
>
>
> Paul
>
>
>
> *From: *Cecile Madjar <cecile.madjar at mcin.ca>
> *Date: *Monday, July 27, 2020 at 9:01 AM
> *To: *Paul Novak <pnovak2 at uoregon.edu>
> *Cc: *"loris-dev at bic.mni.mcgill.ca" <loris-dev at bic.mni.mcgill.ca>
> *Subject: *Re: [Loris-dev] 403 Unauthorized when trying to use
> imaging_browser
>
>
>
> Hello Paul,
>
>
>
> does your admin user have access to all projects in the table
> user_project_rel?
>
>
>
> In order for the user to see that page, it needs to have access to the
> project of the sessions. We recently added the project layer to LORIS so my
> guess would be that your admin user does not have the project of that
> session listed in his associated project in user_project_rel.
>
>
>
> Hope this helps,
>
>
>
> C?cile
>
>
>
> On Mon, Jul 27, 2020 at 11:45 AM Paul Novak <pnovak2 at uoregon.edu> wrote:
>
> Hello,
>
>
>
> After uploading images using the imaging_uploader module, I am trying to
> view the images through the imaging browser
> (imaging_browser/viewSession/?sessionID=2). However, that page always
> returns 403 Unauthorized and displays a standard ?You do not have access to
> this page? page. I am currently logged in as an admin user to LORIS and the
> list of permissions have all the permissions for imaging_browser module
> selected or enabled. The loris-error.log in /var/log/apache2/ doesn?t have
> any errors at the time I am trying to access this module. I am using LORIS
> 23.0.1.
>
>
>
> How can I view the images? What can I do to further troubleshoot this
> problem?
>
>
>
> Paul
>
>
>
> _______________________________________________
> Loris-dev mailing list
> Loris-dev at bic.mni.mcgill.ca
> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
> <https://urldefense.com/v3/__https:/mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev__;!!C5qS4YX3!RaUzKf_Ejz14svGcpy9OTpb33FxMa3Q_EYqoakIc0ZWCERS9DVPy5AAlZpVsQM0YeUQ$>
>
> _______________________________________________
> Loris-dev mailing list
> Loris-dev at bic.mni.mcgill.ca
> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
> <https://urldefense.com/v3/__https:/mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev__;!!C5qS4YX3!VlUQsuvElQeJl7SvZ5k1KYoB45nhq6LbALY-SXFa_kZsVkt1i7sRv0_Ougf72vFJDjs$>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200727/e9505649/attachment.html>

From pnovak2 at uoregon.edu  Mon Jul 27 16:33:05 2020
From: pnovak2 at uoregon.edu (Paul Novak)
Date: Mon, 27 Jul 2020 20:33:05 +0000
Subject: [Loris-dev] 403 Unauthorized when trying to use imaging_browser
In-Reply-To: <CAN9cDwH3EsmcvG_t1bOOewV6xvwya-gjbtP7W2eeY_g8Tk7n+w@mail.gmail.com>
References: <E235CA9B-7EE7-47D4-AE01-0D39D416EC58@uoregon.edu>
 <CAMkiY3doXx5mZCFpiM0g5S9ytoq6n3qA9HNjMx_AZPhjUoUMdg@mail.gmail.com>
 <DB9A314B-2B0D-4441-A6C8-FC0559EB7642@uoregon.edu>
 <CAN9cDwFch_pZmBDBswDFjz39R8kw6ek+V62TOBioWEfXJ5kx1A@mail.gmail.com>
 <C2EF9866-485F-410F-9B98-16CD61DF96CA@uoregon.edu>
 <CAN9cDwHbiaCAEWRXnHGjifZmqN6nAy_K_pOPVL1n0P3S1zvpKQ@mail.gmail.com>
 <E5E0B74B-58BF-4EEF-8383-2F54826218C5@uoregon.edu>
 <CAN9cDwH3EsmcvG_t1bOOewV6xvwya-gjbtP7W2eeY_g8Tk7n+w@mail.gmail.com>
Message-ID: <FCE1DA6E-BC7C-49A3-A0D6-E0A3905A3DD2@uoregon.edu>

In the user_accounts module only one project is listed (it is some project named ?loris? that I don?t recall creating) and it is selected already. No other projects are listed, so I think that is another bug. How can a user change project associations if the list of projects is incomplete? See attached screenshot.

How can I give this user access to ProjectID 2? I couldn?t find documentation on how to modify user_project_rel table, and I do not know what SQL command exactly needs to be issued. I don?t know if that is the only modification that needs to be done.

Paul

From: Dave MacFarlane <dave.macfarlane at mcin.ca>
Date: Monday, July 27, 2020 at 11:00 AM
To: Paul Novak <pnovak2 at uoregon.edu>
Cc: Cecile Madjar <cecile.madjar at mcin.ca>, "loris-dev at bic.mni.mcgill.ca" <loris-dev at bic.mni.mcgill.ca>
Subject: Re: [Loris-dev] 403 Unauthorized when trying to use imaging_browser

That seems to be the cause of the problem, your user isn't affiliated with Project 2. Cecile's first hunch was right, but it's using the candidate's registration project, not the session. I think there's 2 issues:

1. I don't know why it's checking the candidate's registrationProjectID and not the session's projectID. This is a bug that we should fix in LORIS.
2. Your admin user should probably have access to ProjectID 2. You can adjust the project affiliations either in the user_accounts module or in the
backend, if they are indeed supposed to be affiliated with that project.

On Mon, Jul 27, 2020 at 1:44 PM Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>> wrote:
The result of that query is:

SELECT c.RegistrationProjectID from candidate c JOIN session s USING (CandID) WHERE s.ID=2;
+-----------------------+
| RegistrationProjectID |
+-----------------------+
|                     2 |
+-----------------------+

Paul

From: Dave MacFarlane <dave.macfarlane at mcin.ca<mailto:dave.macfarlane at mcin.ca>>
Date: Monday, July 27, 2020 at 10:41 AM
To: Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>>
Cc: Cecile Madjar <cecile.madjar at mcin.ca<mailto:cecile.madjar at mcin.ca>>, "loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>" <loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>>
Subject: Re: [Loris-dev] 403 Unauthorized when trying to use imaging_browser

I was trying to determine which code path the hasAccess function is going down to trace through the code manually, but I was mistaken about the project. The access function seems to use the candidate's registration project, not the session's project.

Based on it being 'Human' and the user having 'imaging_browser_view_allsites' it's still possible for the  $user->hasProject check (which is enforced regardless of the
site permission) to fail.

Can you check the candidate's RegistrationProjectID? SELECT c.RegistrationProjectID from candidate c JOIN session s USING (CandID) WHERE s.ID=2

On Mon, Jul 27, 2020 at 1:21 PM Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>> wrote:
I am not able to edit as suggested.

For the other checks:

  1.  Human
  2.  ProjectID = 1, CenterID = 2
  3.  The user with userID 1 has permissions [1,20] [22,25], [28,65]. Put another way, the user has all permissions from 1 to 65, except the user does not have permissions with IDs 21, 26 or 27. The missing permissions appear to not exist (from permissions table).
  4.  User with userID 1 has CenterID 1 and 2, from table user_psc_rel.
  5.  Yes.

I am guessing that you are trying to determine if the user has the site that the session is associated with, which it appears to be, and if the user has permissions to use imaging_browser, which I think it does. Following the module documentation: https://github.com/aces/Loris/tree/main/modules/imaging_browser<https://urldefense.com/v3/__https:/github.com/aces/Loris/tree/main/modules/imaging_browser__;!!C5qS4YX3!VrcBLT8Jq9zDw4cTtp1WcF0RDpwQZKmf65G7SB88Qh-kK54-9JUASHCPaVzoY5LroS4$>, this user has permissions:

imaging_browser_view_allsites (View all-sites Imaging Browser pages
imaging_browser_view_site (View own-site Imaging Browser pages)
imaging_browser_phantom_allsites (Can access only phantom data from all sites in Imaging Browser
imaging_browser_phantom_ownsite (Can access only phantom data from own site in Imaging Browser
imaging_browser_qc (Edit imaging browser QC status)
Paul

From: Dave MacFarlane <dave.macfarlane at mcin.ca<mailto:dave.macfarlane at mcin.ca>>
Date: Monday, July 27, 2020 at 9:58 AM
To: Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>>
Cc: Cecile Madjar <cecile.madjar at mcin.ca<mailto:cecile.madjar at mcin.ca>>, "loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>" <loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>>
Subject: Re: [Loris-dev] 403 Unauthorized when trying to use imaging_browser

Hi Paul,

The permissions for the imaging_browser are fairly complex because of the interactions between all site/own site/project/entity type permissions.

If it's not production and you can modify the code, it might help to add error_log statements (which will print to your apache error log) in the function _hasAccess
in modules/imaging_browser/php/viewsession.class.inc in order to narrow down exactly part of the criteria is causing it to return false.

If you can't add debug statements, can you check:

1. Is the candidate a Human or Scanner entity type? (The query select Entity_type FROM session JOIN candidate USING (CandID) Where session.ID=2 will tell you)
2. What is the project and site of the session? (SELECT ProjectID, CenterID FROM session WHERE ID=2)
3. What permissions does the user have in user_perm_rel? (The ones required will vary based on the results of the above queries)
4. What sites does the user have in user_psc_rel?
5. Are you sure that the user ID of the user is "1" (since that was the only user_project_rel permission result in your query..)?

On Mon, Jul 27, 2020 at 12:19 PM Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>> wrote:
I don?t understand what is meant by recent. This is a new installation using a released version.

There is a single project and a single user.  The entire contents of user_project_rel are:

select * from user_project_rel;
+--------+-----------+
| UserID | ProjectID |
+--------+-----------+
|      1 |         1 |
+--------+-----------+

Paul

From: Cecile Madjar <cecile.madjar at mcin.ca<mailto:cecile.madjar at mcin.ca>>
Date: Monday, July 27, 2020 at 9:01 AM
To: Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>>
Cc: "loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>" <loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>>
Subject: Re: [Loris-dev] 403 Unauthorized when trying to use imaging_browser

Hello Paul,

does your admin user have access to all projects in the table user_project_rel?

In order for the user to see that page, it needs to have access to the project of the sessions. We recently added the project layer to LORIS so my guess would be that your admin user does not have the project of that session listed in his associated project in user_project_rel.

Hope this helps,

C?cile

On Mon, Jul 27, 2020 at 11:45 AM Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>> wrote:
Hello,

After uploading images using the imaging_uploader module, I am trying to view the images through the imaging browser (imaging_browser/viewSession/?sessionID=2). However, that page always returns 403 Unauthorized and displays a standard ?You do not have access to this page? page. I am currently logged in as an admin user to LORIS and the list of permissions have all the permissions for imaging_browser module selected or enabled. The loris-error.log in /var/log/apache2/ doesn?t have any errors at the time I am trying to access this module. I am using LORIS 23.0.1.

How can I view the images? What can I do to further troubleshoot this problem?

Paul

_______________________________________________
Loris-dev mailing list
Loris-dev at bic.mni.mcgill.ca<mailto:Loris-dev at bic.mni.mcgill.ca>
https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev<https://urldefense.com/v3/__https:/mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev__;!!C5qS4YX3!RaUzKf_Ejz14svGcpy9OTpb33FxMa3Q_EYqoakIc0ZWCERS9DVPy5AAlZpVsQM0YeUQ$>
_______________________________________________
Loris-dev mailing list
Loris-dev at bic.mni.mcgill.ca<mailto:Loris-dev at bic.mni.mcgill.ca>
https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev<https://urldefense.com/v3/__https:/mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev__;!!C5qS4YX3!VlUQsuvElQeJl7SvZ5k1KYoB45nhq6LbALY-SXFa_kZsVkt1i7sRv0_Ougf72vFJDjs$>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200727/b29a4c19/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2020-07-27 at 1.23.57 PM.png
Type: image/png
Size: 15398 bytes
Desc: Screen Shot 2020-07-27 at 1.23.57 PM.png
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200727/b29a4c19/attachment-0001.png>

From rida.abou-haidar at mcin.ca  Mon Jul 27 16:47:11 2020
From: rida.abou-haidar at mcin.ca (Rida Abou-Haidar)
Date: Mon, 27 Jul 2020 16:47:11 -0400
Subject: [Loris-dev] 403 Unauthorized when trying to use imaging_browser
In-Reply-To: <FCE1DA6E-BC7C-49A3-A0D6-E0A3905A3DD2@uoregon.edu>
References: <E235CA9B-7EE7-47D4-AE01-0D39D416EC58@uoregon.edu>
 <CAMkiY3doXx5mZCFpiM0g5S9ytoq6n3qA9HNjMx_AZPhjUoUMdg@mail.gmail.com>
 <DB9A314B-2B0D-4441-A6C8-FC0559EB7642@uoregon.edu>
 <CAN9cDwFch_pZmBDBswDFjz39R8kw6ek+V62TOBioWEfXJ5kx1A@mail.gmail.com>
 <C2EF9866-485F-410F-9B98-16CD61DF96CA@uoregon.edu>
 <CAN9cDwHbiaCAEWRXnHGjifZmqN6nAy_K_pOPVL1n0P3S1zvpKQ@mail.gmail.com>
 <E5E0B74B-58BF-4EEF-8383-2F54826218C5@uoregon.edu>
 <CAN9cDwH3EsmcvG_t1bOOewV6xvwya-gjbtP7W2eeY_g8Tk7n+w@mail.gmail.com>
 <FCE1DA6E-BC7C-49A3-A0D6-E0A3905A3DD2@uoregon.edu>
Message-ID: <CABbkjAh0QOuG=Nrhkb-1QRdZd=hkbeHhT9WMQh2OD=-pXoGADw@mail.gmail.com>

Hi Paul,

try running

INSERT IGNORE INTO user_project_rel SELECT u.ID, p.ProjectID FROM users u
JOIN Project p;

If that doesn't work, could you send us your project list ? (SELECT * FROM
Project)
Rida Abou-Haidar
Software Developer
Montreal Neurological Institute
McGill University
rida.abou-haidar at mcin.ca


On Mon, Jul 27, 2020 at 4:33 PM Paul Novak <pnovak2 at uoregon.edu> wrote:

> In the user_accounts module only one project is listed (it is some project
> named ?loris? that I don?t recall creating) and it is selected already. No
> other projects are listed, so I think that is another bug. How can a user
> change project associations if the list of projects is incomplete? See
> attached screenshot.
>
>
>
> How can I give this user access to ProjectID 2? I couldn?t find
> documentation on how to modify user_project_rel table, and I do not know
> what SQL command exactly needs to be issued. I don?t know if that is the
> only modification that needs to be done.
>
>
>
> Paul
>
>
>
> *From: *Dave MacFarlane <dave.macfarlane at mcin.ca>
> *Date: *Monday, July 27, 2020 at 11:00 AM
> *To: *Paul Novak <pnovak2 at uoregon.edu>
> *Cc: *Cecile Madjar <cecile.madjar at mcin.ca>, "loris-dev at bic.mni.mcgill.ca"
> <loris-dev at bic.mni.mcgill.ca>
> *Subject: *Re: [Loris-dev] 403 Unauthorized when trying to use
> imaging_browser
>
>
>
> That seems to be the cause of the problem, your user isn't affiliated with
> Project 2. Cecile's first hunch was right, but it's using the candidate's
> registration project, not the session. I think there's 2 issues:
>
>
>
> 1. I don't know why it's checking the candidate's registrationProjectID
> and not the session's projectID. This is a bug that we should fix in LORIS.
>
> 2. Your admin user should probably have access to ProjectID 2. You can
> adjust the project affiliations either in the user_accounts module or in the
>
> backend, if they are indeed supposed to be affiliated with that project.
>
>
>
> On Mon, Jul 27, 2020 at 1:44 PM Paul Novak <pnovak2 at uoregon.edu> wrote:
>
> The result of that query is:
>
>
>
> SELECT c.RegistrationProjectID from candidate c JOIN session s USING
> (CandID) WHERE s.ID=2;
>
> +-----------------------+
>
> | RegistrationProjectID |
>
> +-----------------------+
>
> |                     2 |
>
> +-----------------------+
>
>
>
> Paul
>
>
>
> *From: *Dave MacFarlane <dave.macfarlane at mcin.ca>
> *Date: *Monday, July 27, 2020 at 10:41 AM
> *To: *Paul Novak <pnovak2 at uoregon.edu>
> *Cc: *Cecile Madjar <cecile.madjar at mcin.ca>, "loris-dev at bic.mni.mcgill.ca"
> <loris-dev at bic.mni.mcgill.ca>
> *Subject: *Re: [Loris-dev] 403 Unauthorized when trying to use
> imaging_browser
>
>
>
> I was trying to determine which code path the hasAccess function is going
> down to trace through the code manually, but I was mistaken about the
> project. The access function seems to use the candidate's registration
> project, not the session's project.
>
>
>
> Based on it being 'Human' and the user having
> 'imaging_browser_view_allsites' it's still possible for the
> $user->hasProject check (which is enforced regardless of the
>
> site permission) to fail.
>
>
>
> Can you check the candidate's RegistrationProjectID? SELECT
> c.RegistrationProjectID from candidate c JOIN session s USING (CandID)
> WHERE s.ID=2
>
>
>
> On Mon, Jul 27, 2020 at 1:21 PM Paul Novak <pnovak2 at uoregon.edu> wrote:
>
> I am not able to edit as suggested.
>
>
>
> For the other checks:
>
>    1. Human
>    2. ProjectID = 1, CenterID = 2
>    3. The user with userID 1 has permissions [1,20] [22,25], [28,65]. Put
>    another way, the user has all permissions from 1 to 65, except the user
>    does not have permissions with IDs 21, 26 or 27. The missing permissions
>    appear to not exist (from permissions table).
>    4. User with userID 1 has CenterID 1 and 2, from table user_psc_rel.
>    5. Yes.
>
>
>
> I am guessing that you are trying to determine if the user has the site
> that the session is associated with, which it appears to be, and if the
> user has permissions to use imaging_browser, which I think it does.
> Following the module documentation:
> https://github.com/aces/Loris/tree/main/modules/imaging_browser
> <https://urldefense.com/v3/__https:/github.com/aces/Loris/tree/main/modules/imaging_browser__;!!C5qS4YX3!VrcBLT8Jq9zDw4cTtp1WcF0RDpwQZKmf65G7SB88Qh-kK54-9JUASHCPaVzoY5LroS4$>,
> this user has permissions:
>
> imaging_browser_view_allsites (View all-sites Imaging Browser pages
> imaging_browser_view_site (View own-site Imaging Browser pages)
> imaging_browser_phantom_allsites (Can access only phantom data from all
> sites in Imaging Browser
> imaging_browser_phantom_ownsite (Can access only phantom data from own
> site in Imaging Browser
> imaging_browser_qc (Edit imaging browser QC status)
>
> Paul
>
>
>
> *From: *Dave MacFarlane <dave.macfarlane at mcin.ca>
> *Date: *Monday, July 27, 2020 at 9:58 AM
> *To: *Paul Novak <pnovak2 at uoregon.edu>
> *Cc: *Cecile Madjar <cecile.madjar at mcin.ca>, "loris-dev at bic.mni.mcgill.ca"
> <loris-dev at bic.mni.mcgill.ca>
> *Subject: *Re: [Loris-dev] 403 Unauthorized when trying to use
> imaging_browser
>
>
>
> Hi Paul,
>
>
>
> The permissions for the imaging_browser are fairly complex because of the
> interactions between all site/own site/project/entity type permissions.
>
>
>
> If it's not production and you can modify the code, it might help to add
> error_log statements (which will print to your apache error log) in the
> function _hasAccess
>
> in modules/imaging_browser/php/viewsession.class.inc in order to narrow
> down exactly part of the criteria is causing it to return false.
>
>
>
> If you can't add debug statements, can you check:
>
>
>
> 1. Is the candidate a Human or Scanner entity type? (The query select
> Entity_type FROM session JOIN candidate USING (CandID) Where session.ID=2
> will tell you)
>
> 2. What is the project and site of the session? (SELECT ProjectID,
> CenterID FROM session WHERE ID=2)
>
> 3. What permissions does the user have in user_perm_rel? (The ones
> required will vary based on the results of the above queries)
>
> 4. What sites does the user have in user_psc_rel?
>
> 5. Are you sure that the user ID of the user is "1" (since that was the
> only user_project_rel permission result in your query..)?
>
>
>
> On Mon, Jul 27, 2020 at 12:19 PM Paul Novak <pnovak2 at uoregon.edu> wrote:
>
> I don?t understand what is meant by recent. This is a new installation
> using a released version.
>
>
>
> There is a single project and a single user.  The entire contents of
> user_project_rel are:
>
>
>
> select * from user_project_rel;
>
> +--------+-----------+
>
> | UserID | ProjectID |
>
> +--------+-----------+
>
> |      1 |         1 |
>
> +--------+-----------+
>
>
>
> Paul
>
>
>
> *From: *Cecile Madjar <cecile.madjar at mcin.ca>
> *Date: *Monday, July 27, 2020 at 9:01 AM
> *To: *Paul Novak <pnovak2 at uoregon.edu>
> *Cc: *"loris-dev at bic.mni.mcgill.ca" <loris-dev at bic.mni.mcgill.ca>
> *Subject: *Re: [Loris-dev] 403 Unauthorized when trying to use
> imaging_browser
>
>
>
> Hello Paul,
>
>
>
> does your admin user have access to all projects in the table
> user_project_rel?
>
>
>
> In order for the user to see that page, it needs to have access to the
> project of the sessions. We recently added the project layer to LORIS so my
> guess would be that your admin user does not have the project of that
> session listed in his associated project in user_project_rel.
>
>
>
> Hope this helps,
>
>
>
> C?cile
>
>
>
> On Mon, Jul 27, 2020 at 11:45 AM Paul Novak <pnovak2 at uoregon.edu> wrote:
>
> Hello,
>
>
>
> After uploading images using the imaging_uploader module, I am trying to
> view the images through the imaging browser
> (imaging_browser/viewSession/?sessionID=2). However, that page always
> returns 403 Unauthorized and displays a standard ?You do not have access to
> this page? page. I am currently logged in as an admin user to LORIS and the
> list of permissions have all the permissions for imaging_browser module
> selected or enabled. The loris-error.log in /var/log/apache2/ doesn?t have
> any errors at the time I am trying to access this module. I am using LORIS
> 23.0.1.
>
>
>
> How can I view the images? What can I do to further troubleshoot this
> problem?
>
>
>
> Paul
>
>
>
> _______________________________________________
> Loris-dev mailing list
> Loris-dev at bic.mni.mcgill.ca
> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
> <https://urldefense.com/v3/__https:/mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev__;!!C5qS4YX3!RaUzKf_Ejz14svGcpy9OTpb33FxMa3Q_EYqoakIc0ZWCERS9DVPy5AAlZpVsQM0YeUQ$>
>
> _______________________________________________
> Loris-dev mailing list
> Loris-dev at bic.mni.mcgill.ca
> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
> <https://urldefense.com/v3/__https:/mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev__;!!C5qS4YX3!VlUQsuvElQeJl7SvZ5k1KYoB45nhq6LbALY-SXFa_kZsVkt1i7sRv0_Ougf72vFJDjs$>
>
> _______________________________________________
> Loris-dev mailing list
> Loris-dev at bic.mni.mcgill.ca
> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200727/81ff502d/attachment-0001.html>

From pnovak2 at uoregon.edu  Mon Jul 27 19:34:12 2020
From: pnovak2 at uoregon.edu (Paul Novak)
Date: Mon, 27 Jul 2020 23:34:12 +0000
Subject: [Loris-dev] 403 Unauthorized when trying to use imaging_browser
In-Reply-To: <CABbkjAh0QOuG=Nrhkb-1QRdZd=hkbeHhT9WMQh2OD=-pXoGADw@mail.gmail.com>
References: <E235CA9B-7EE7-47D4-AE01-0D39D416EC58@uoregon.edu>
 <CAMkiY3doXx5mZCFpiM0g5S9ytoq6n3qA9HNjMx_AZPhjUoUMdg@mail.gmail.com>
 <DB9A314B-2B0D-4441-A6C8-FC0559EB7642@uoregon.edu>
 <CAN9cDwFch_pZmBDBswDFjz39R8kw6ek+V62TOBioWEfXJ5kx1A@mail.gmail.com>
 <C2EF9866-485F-410F-9B98-16CD61DF96CA@uoregon.edu>
 <CAN9cDwHbiaCAEWRXnHGjifZmqN6nAy_K_pOPVL1n0P3S1zvpKQ@mail.gmail.com>
 <E5E0B74B-58BF-4EEF-8383-2F54826218C5@uoregon.edu>
 <CAN9cDwH3EsmcvG_t1bOOewV6xvwya-gjbtP7W2eeY_g8Tk7n+w@mail.gmail.com>
 <FCE1DA6E-BC7C-49A3-A0D6-E0A3905A3DD2@uoregon.edu>
 <CABbkjAh0QOuG=Nrhkb-1QRdZd=hkbeHhT9WMQh2OD=-pXoGADw@mail.gmail.com>
Message-ID: <7D60BEF0-269E-4AF4-ADCB-789C4629B438@uoregon.edu>

This suggestion appears to work. I can now use the imaging_browser to see the uploaded images.

Thank you,
Paul

From: Rida Abou-Haidar <rida.abou-haidar at mcin.ca>
Date: Monday, July 27, 2020 at 1:47 PM
To: Paul Novak <pnovak2 at uoregon.edu>
Cc: Dave MacFarlane <dave.macfarlane at mcin.ca>, "loris-dev at bic.mni.mcgill.ca" <loris-dev at bic.mni.mcgill.ca>
Subject: Re: [Loris-dev] 403 Unauthorized when trying to use imaging_browser

Hi Paul,

try running

INSERT IGNORE INTO user_project_rel SELECT u.ID, p.ProjectID FROM users u JOIN Project p;

If that doesn't work, could you send us your project list ? (SELECT * FROM Project)
Rida Abou-Haidar
Software Developer
Montreal Neurological Institute
McGill University
rida.abou-haidar at mcin.ca<mailto:rida.abou-haidar at mcin.ca>


On Mon, Jul 27, 2020 at 4:33 PM Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>> wrote:
In the user_accounts module only one project is listed (it is some project named ?loris? that I don?t recall creating) and it is selected already. No other projects are listed, so I think that is another bug. How can a user change project associations if the list of projects is incomplete? See attached screenshot.

How can I give this user access to ProjectID 2? I couldn?t find documentation on how to modify user_project_rel table, and I do not know what SQL command exactly needs to be issued. I don?t know if that is the only modification that needs to be done.

Paul

From: Dave MacFarlane <dave.macfarlane at mcin.ca<mailto:dave.macfarlane at mcin.ca>>
Date: Monday, July 27, 2020 at 11:00 AM
To: Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>>
Cc: Cecile Madjar <cecile.madjar at mcin.ca<mailto:cecile.madjar at mcin.ca>>, "loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>" <loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>>
Subject: Re: [Loris-dev] 403 Unauthorized when trying to use imaging_browser

That seems to be the cause of the problem, your user isn't affiliated with Project 2. Cecile's first hunch was right, but it's using the candidate's registration project, not the session. I think there's 2 issues:

1. I don't know why it's checking the candidate's registrationProjectID and not the session's projectID. This is a bug that we should fix in LORIS.
2. Your admin user should probably have access to ProjectID 2. You can adjust the project affiliations either in the user_accounts module or in the
backend, if they are indeed supposed to be affiliated with that project.

On Mon, Jul 27, 2020 at 1:44 PM Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>> wrote:
The result of that query is:

SELECT c.RegistrationProjectID from candidate c JOIN session s USING (CandID) WHERE s.ID=2;
+-----------------------+
| RegistrationProjectID |
+-----------------------+
|                     2 |
+-----------------------+

Paul

From: Dave MacFarlane <dave.macfarlane at mcin.ca<mailto:dave.macfarlane at mcin.ca>>
Date: Monday, July 27, 2020 at 10:41 AM
To: Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>>
Cc: Cecile Madjar <cecile.madjar at mcin.ca<mailto:cecile.madjar at mcin.ca>>, "loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>" <loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>>
Subject: Re: [Loris-dev] 403 Unauthorized when trying to use imaging_browser

I was trying to determine which code path the hasAccess function is going down to trace through the code manually, but I was mistaken about the project. The access function seems to use the candidate's registration project, not the session's project.

Based on it being 'Human' and the user having 'imaging_browser_view_allsites' it's still possible for the  $user->hasProject check (which is enforced regardless of the
site permission) to fail.

Can you check the candidate's RegistrationProjectID? SELECT c.RegistrationProjectID from candidate c JOIN session s USING (CandID) WHERE s.ID=2

On Mon, Jul 27, 2020 at 1:21 PM Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>> wrote:
I am not able to edit as suggested.

For the other checks:

  1.  Human
  2.  ProjectID = 1, CenterID = 2
  3.  The user with userID 1 has permissions [1,20] [22,25], [28,65]. Put another way, the user has all permissions from 1 to 65, except the user does not have permissions with IDs 21, 26 or 27. The missing permissions appear to not exist (from permissions table).
  4.  User with userID 1 has CenterID 1 and 2, from table user_psc_rel.
  5.  Yes.

I am guessing that you are trying to determine if the user has the site that the session is associated with, which it appears to be, and if the user has permissions to use imaging_browser, which I think it does. Following the module documentation: https://github.com/aces/Loris/tree/main/modules/imaging_browser<https://urldefense.com/v3/__https:/github.com/aces/Loris/tree/main/modules/imaging_browser__;!!C5qS4YX3!VrcBLT8Jq9zDw4cTtp1WcF0RDpwQZKmf65G7SB88Qh-kK54-9JUASHCPaVzoY5LroS4$>, this user has permissions:

imaging_browser_view_allsites (View all-sites Imaging Browser pages
imaging_browser_view_site (View own-site Imaging Browser pages)
imaging_browser_phantom_allsites (Can access only phantom data from all sites in Imaging Browser
imaging_browser_phantom_ownsite (Can access only phantom data from own site in Imaging Browser
imaging_browser_qc (Edit imaging browser QC status)
Paul

From: Dave MacFarlane <dave.macfarlane at mcin.ca<mailto:dave.macfarlane at mcin.ca>>
Date: Monday, July 27, 2020 at 9:58 AM
To: Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>>
Cc: Cecile Madjar <cecile.madjar at mcin.ca<mailto:cecile.madjar at mcin.ca>>, "loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>" <loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>>
Subject: Re: [Loris-dev] 403 Unauthorized when trying to use imaging_browser

Hi Paul,

The permissions for the imaging_browser are fairly complex because of the interactions between all site/own site/project/entity type permissions.

If it's not production and you can modify the code, it might help to add error_log statements (which will print to your apache error log) in the function _hasAccess
in modules/imaging_browser/php/viewsession.class.inc in order to narrow down exactly part of the criteria is causing it to return false.

If you can't add debug statements, can you check:

1. Is the candidate a Human or Scanner entity type? (The query select Entity_type FROM session JOIN candidate USING (CandID) Where session.ID=2 will tell you)
2. What is the project and site of the session? (SELECT ProjectID, CenterID FROM session WHERE ID=2)
3. What permissions does the user have in user_perm_rel? (The ones required will vary based on the results of the above queries)
4. What sites does the user have in user_psc_rel?
5. Are you sure that the user ID of the user is "1" (since that was the only user_project_rel permission result in your query..)?

On Mon, Jul 27, 2020 at 12:19 PM Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>> wrote:
I don?t understand what is meant by recent. This is a new installation using a released version.

There is a single project and a single user.  The entire contents of user_project_rel are:

select * from user_project_rel;
+--------+-----------+
| UserID | ProjectID |
+--------+-----------+
|      1 |         1 |
+--------+-----------+

Paul

From: Cecile Madjar <cecile.madjar at mcin.ca<mailto:cecile.madjar at mcin.ca>>
Date: Monday, July 27, 2020 at 9:01 AM
To: Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>>
Cc: "loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>" <loris-dev at bic.mni.mcgill.ca<mailto:loris-dev at bic.mni.mcgill.ca>>
Subject: Re: [Loris-dev] 403 Unauthorized when trying to use imaging_browser

Hello Paul,

does your admin user have access to all projects in the table user_project_rel?

In order for the user to see that page, it needs to have access to the project of the sessions. We recently added the project layer to LORIS so my guess would be that your admin user does not have the project of that session listed in his associated project in user_project_rel.

Hope this helps,

C?cile

On Mon, Jul 27, 2020 at 11:45 AM Paul Novak <pnovak2 at uoregon.edu<mailto:pnovak2 at uoregon.edu>> wrote:
Hello,

After uploading images using the imaging_uploader module, I am trying to view the images through the imaging browser (imaging_browser/viewSession/?sessionID=2). However, that page always returns 403 Unauthorized and displays a standard ?You do not have access to this page? page. I am currently logged in as an admin user to LORIS and the list of permissions have all the permissions for imaging_browser module selected or enabled. The loris-error.log in /var/log/apache2/ doesn?t have any errors at the time I am trying to access this module. I am using LORIS 23.0.1.

How can I view the images? What can I do to further troubleshoot this problem?

Paul

_______________________________________________
Loris-dev mailing list
Loris-dev at bic.mni.mcgill.ca<mailto:Loris-dev at bic.mni.mcgill.ca>
https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev<https://urldefense.com/v3/__https:/mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev__;!!C5qS4YX3!RaUzKf_Ejz14svGcpy9OTpb33FxMa3Q_EYqoakIc0ZWCERS9DVPy5AAlZpVsQM0YeUQ$>
_______________________________________________
Loris-dev mailing list
Loris-dev at bic.mni.mcgill.ca<mailto:Loris-dev at bic.mni.mcgill.ca>
https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev<https://urldefense.com/v3/__https:/mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev__;!!C5qS4YX3!VlUQsuvElQeJl7SvZ5k1KYoB45nhq6LbALY-SXFa_kZsVkt1i7sRv0_Ougf72vFJDjs$>
_______________________________________________
Loris-dev mailing list
Loris-dev at bic.mni.mcgill.ca<mailto:Loris-dev at bic.mni.mcgill.ca>
https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev<https://urldefense.com/v3/__https:/mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev__;!!C5qS4YX3!UmYhDsN0OSUqs5wCQL9F4nzGvtQrxeatIoKdWaNKXFPwCMwFXOxRcimE9JkVWRcO7gw$>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200727/f61e6f4a/attachment-0001.html>