[Loris-dev] 403 Unauthorized when trying to use imaging_browser

Mon Jul 27 12:58:07 EDT 2020

Hi Paul,

The permissions for the imaging_browser are fairly complex because of the
interactions between all site/own site/project/entity type permissions.

If it's not production and you can modify the code, it might help to add
error_log statements (which will print to your apache error log) in the
function _hasAccess
in modules/imaging_browser/php/viewsession.class.inc in order to narrow
down exactly part of the criteria is causing it to return false.

If you can't add debug statements, can you check:

1. Is the candidate a Human or Scanner entity type? (The query select
Entity_type FROM session JOIN candidate USING (CandID) Where session.ID=2
will tell you)
2. What is the project and site of the session? (SELECT ProjectID, CenterID
FROM session WHERE ID=2)
3. What permissions does the user have in user_perm_rel? (The ones required
will vary based on the results of the above queries)
4. What sites does the user have in user_psc_rel?
5. Are you sure that the user ID of the user is "1" (since that was the
only user_project_rel permission result in your query..)?

On Mon, Jul 27, 2020 at 12:19 PM Paul Novak <pnovak2 at uoregon.edu> wrote:

> I don’t understand what is meant by recent. This is a new installation
> using a released version.
>
>
>
> There is a single project and a single user.  The entire contents of
> user_project_rel are:
>
>
>
> select * from user_project_rel;
>
> +--------+-----------+
>
> | UserID | ProjectID |
>
> +--------+-----------+
>
> |      1 |         1 |
>
> +--------+-----------+
>
>
>
> Paul
>
>
>
> *From: *Cecile Madjar <cecile.madjar at mcin.ca>
> *Date: *Monday, July 27, 2020 at 9:01 AM
> *To: *Paul Novak <pnovak2 at uoregon.edu>
> *Cc: *"loris-dev at bic.mni.mcgill.ca" <loris-dev at bic.mni.mcgill.ca>
> *Subject: *Re: [Loris-dev] 403 Unauthorized when trying to use
> imaging_browser
>
>
>
> Hello Paul,
>
>
>
> does your admin user have access to all projects in the table
> user_project_rel?
>
>
>
> In order for the user to see that page, it needs to have access to the
> project of the sessions. We recently added the project layer to LORIS so my
> guess would be that your admin user does not have the project of that
> session listed in his associated project in user_project_rel.
>
>
>
> Hope this helps,
>
>
>
> Cécile
>
>
>
> On Mon, Jul 27, 2020 at 11:45 AM Paul Novak <pnovak2 at uoregon.edu> wrote:
>
> Hello,
>
>
>
> After uploading images using the imaging_uploader module, I am trying to
> view the images through the imaging browser
> (imaging_browser/viewSession/?sessionID=2). However, that page always
> returns 403 Unauthorized and displays a standard “You do not have access to
> this page” page. I am currently logged in as an admin user to LORIS and the
> list of permissions have all the permissions for imaging_browser module
> selected or enabled. The loris-error.log in /var/log/apache2/ doesn’t have
> any errors at the time I am trying to access this module. I am using LORIS
> 23.0.1.
>
>
>
> How can I view the images? What can I do to further troubleshoot this
> problem?
>
>
>
> Paul
>
>
>
> _______________________________________________
> Loris-dev mailing list
> Loris-dev at bic.mni.mcgill.ca
> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
> <https://urldefense.com/v3/__https:/mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev__;!!C5qS4YX3!RaUzKf_Ejz14svGcpy9OTpb33FxMa3Q_EYqoakIc0ZWCERS9DVPy5AAlZpVsQM0YeUQ$>
>
> _______________________________________________
> Loris-dev mailing list
> Loris-dev at bic.mni.mcgill.ca
> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200727/170adf59/attachment-0001.html>