[Loris-dev] 403 Unauthorized when trying to use imaging_browser
Rida Abou-Haidar
rida.abou-haidar at mcin.ca
Mon Jul 27 16:47:11 EDT 2020
Hi Paul,
try running
INSERT IGNORE INTO user_project_rel SELECT u.ID, p.ProjectID FROM users u
JOIN Project p;
If that doesn't work, could you send us your project list ? (SELECT * FROM
Project)
Rida Abou-Haidar
Software Developer
Montreal Neurological Institute
McGill University
rida.abou-haidar at mcin.ca
On Mon, Jul 27, 2020 at 4:33 PM Paul Novak <pnovak2 at uoregon.edu> wrote:
> In the user_accounts module only one project is listed (it is some project
> named “loris” that I don’t recall creating) and it is selected already. No
> other projects are listed, so I think that is another bug. How can a user
> change project associations if the list of projects is incomplete? See
> attached screenshot.
>
>
>
> How can I give this user access to ProjectID 2? I couldn’t find
> documentation on how to modify user_project_rel table, and I do not know
> what SQL command exactly needs to be issued. I don’t know if that is the
> only modification that needs to be done.
>
>
>
> Paul
>
>
>
> *From: *Dave MacFarlane <dave.macfarlane at mcin.ca>
> *Date: *Monday, July 27, 2020 at 11:00 AM
> *To: *Paul Novak <pnovak2 at uoregon.edu>
> *Cc: *Cecile Madjar <cecile.madjar at mcin.ca>, "loris-dev at bic.mni.mcgill.ca"
> <loris-dev at bic.mni.mcgill.ca>
> *Subject: *Re: [Loris-dev] 403 Unauthorized when trying to use
> imaging_browser
>
>
>
> That seems to be the cause of the problem, your user isn't affiliated with
> Project 2. Cecile's first hunch was right, but it's using the candidate's
> registration project, not the session. I think there's 2 issues:
>
>
>
> 1. I don't know why it's checking the candidate's registrationProjectID
> and not the session's projectID. This is a bug that we should fix in LORIS.
>
> 2. Your admin user should probably have access to ProjectID 2. You can
> adjust the project affiliations either in the user_accounts module or in the
>
> backend, if they are indeed supposed to be affiliated with that project.
>
>
>
> On Mon, Jul 27, 2020 at 1:44 PM Paul Novak <pnovak2 at uoregon.edu> wrote:
>
> The result of that query is:
>
>
>
> SELECT c.RegistrationProjectID from candidate c JOIN session s USING
> (CandID) WHERE s.ID=2;
>
> +-----------------------+
>
> | RegistrationProjectID |
>
> +-----------------------+
>
> | 2 |
>
> +-----------------------+
>
>
>
> Paul
>
>
>
> *From: *Dave MacFarlane <dave.macfarlane at mcin.ca>
> *Date: *Monday, July 27, 2020 at 10:41 AM
> *To: *Paul Novak <pnovak2 at uoregon.edu>
> *Cc: *Cecile Madjar <cecile.madjar at mcin.ca>, "loris-dev at bic.mni.mcgill.ca"
> <loris-dev at bic.mni.mcgill.ca>
> *Subject: *Re: [Loris-dev] 403 Unauthorized when trying to use
> imaging_browser
>
>
>
> I was trying to determine which code path the hasAccess function is going
> down to trace through the code manually, but I was mistaken about the
> project. The access function seems to use the candidate's registration
> project, not the session's project.
>
>
>
> Based on it being 'Human' and the user having
> 'imaging_browser_view_allsites' it's still possible for the
> $user->hasProject check (which is enforced regardless of the
>
> site permission) to fail.
>
>
>
> Can you check the candidate's RegistrationProjectID? SELECT
> c.RegistrationProjectID from candidate c JOIN session s USING (CandID)
> WHERE s.ID=2
>
>
>
> On Mon, Jul 27, 2020 at 1:21 PM Paul Novak <pnovak2 at uoregon.edu> wrote:
>
> I am not able to edit as suggested.
>
>
>
> For the other checks:
>
> 1. Human
> 2. ProjectID = 1, CenterID = 2
> 3. The user with userID 1 has permissions [1,20] [22,25], [28,65]. Put
> another way, the user has all permissions from 1 to 65, except the user
> does not have permissions with IDs 21, 26 or 27. The missing permissions
> appear to not exist (from permissions table).
> 4. User with userID 1 has CenterID 1 and 2, from table user_psc_rel.
> 5. Yes.
>
>
>
> I am guessing that you are trying to determine if the user has the site
> that the session is associated with, which it appears to be, and if the
> user has permissions to use imaging_browser, which I think it does.
> Following the module documentation:
> https://github.com/aces/Loris/tree/main/modules/imaging_browser
> <https://urldefense.com/v3/__https:/github.com/aces/Loris/tree/main/modules/imaging_browser__;!!C5qS4YX3!VrcBLT8Jq9zDw4cTtp1WcF0RDpwQZKmf65G7SB88Qh-kK54-9JUASHCPaVzoY5LroS4$>,
> this user has permissions:
>
> imaging_browser_view_allsites (View all-sites Imaging Browser pages
> imaging_browser_view_site (View own-site Imaging Browser pages)
> imaging_browser_phantom_allsites (Can access only phantom data from all
> sites in Imaging Browser
> imaging_browser_phantom_ownsite (Can access only phantom data from own
> site in Imaging Browser
> imaging_browser_qc (Edit imaging browser QC status)
>
> Paul
>
>
>
> *From: *Dave MacFarlane <dave.macfarlane at mcin.ca>
> *Date: *Monday, July 27, 2020 at 9:58 AM
> *To: *Paul Novak <pnovak2 at uoregon.edu>
> *Cc: *Cecile Madjar <cecile.madjar at mcin.ca>, "loris-dev at bic.mni.mcgill.ca"
> <loris-dev at bic.mni.mcgill.ca>
> *Subject: *Re: [Loris-dev] 403 Unauthorized when trying to use
> imaging_browser
>
>
>
> Hi Paul,
>
>
>
> The permissions for the imaging_browser are fairly complex because of the
> interactions between all site/own site/project/entity type permissions.
>
>
>
> If it's not production and you can modify the code, it might help to add
> error_log statements (which will print to your apache error log) in the
> function _hasAccess
>
> in modules/imaging_browser/php/viewsession.class.inc in order to narrow
> down exactly part of the criteria is causing it to return false.
>
>
>
> If you can't add debug statements, can you check:
>
>
>
> 1. Is the candidate a Human or Scanner entity type? (The query select
> Entity_type FROM session JOIN candidate USING (CandID) Where session.ID=2
> will tell you)
>
> 2. What is the project and site of the session? (SELECT ProjectID,
> CenterID FROM session WHERE ID=2)
>
> 3. What permissions does the user have in user_perm_rel? (The ones
> required will vary based on the results of the above queries)
>
> 4. What sites does the user have in user_psc_rel?
>
> 5. Are you sure that the user ID of the user is "1" (since that was the
> only user_project_rel permission result in your query..)?
>
>
>
> On Mon, Jul 27, 2020 at 12:19 PM Paul Novak <pnovak2 at uoregon.edu> wrote:
>
> I don’t understand what is meant by recent. This is a new installation
> using a released version.
>
>
>
> There is a single project and a single user. The entire contents of
> user_project_rel are:
>
>
>
> select * from user_project_rel;
>
> +--------+-----------+
>
> | UserID | ProjectID |
>
> +--------+-----------+
>
> | 1 | 1 |
>
> +--------+-----------+
>
>
>
> Paul
>
>
>
> *From: *Cecile Madjar <cecile.madjar at mcin.ca>
> *Date: *Monday, July 27, 2020 at 9:01 AM
> *To: *Paul Novak <pnovak2 at uoregon.edu>
> *Cc: *"loris-dev at bic.mni.mcgill.ca" <loris-dev at bic.mni.mcgill.ca>
> *Subject: *Re: [Loris-dev] 403 Unauthorized when trying to use
> imaging_browser
>
>
>
> Hello Paul,
>
>
>
> does your admin user have access to all projects in the table
> user_project_rel?
>
>
>
> In order for the user to see that page, it needs to have access to the
> project of the sessions. We recently added the project layer to LORIS so my
> guess would be that your admin user does not have the project of that
> session listed in his associated project in user_project_rel.
>
>
>
> Hope this helps,
>
>
>
> Cécile
>
>
>
> On Mon, Jul 27, 2020 at 11:45 AM Paul Novak <pnovak2 at uoregon.edu> wrote:
>
> Hello,
>
>
>
> After uploading images using the imaging_uploader module, I am trying to
> view the images through the imaging browser
> (imaging_browser/viewSession/?sessionID=2). However, that page always
> returns 403 Unauthorized and displays a standard “You do not have access to
> this page” page. I am currently logged in as an admin user to LORIS and the
> list of permissions have all the permissions for imaging_browser module
> selected or enabled. The loris-error.log in /var/log/apache2/ doesn’t have
> any errors at the time I am trying to access this module. I am using LORIS
> 23.0.1.
>
>
>
> How can I view the images? What can I do to further troubleshoot this
> problem?
>
>
>
> Paul
>
>
>
> _______________________________________________
> Loris-dev mailing list
> Loris-dev at bic.mni.mcgill.ca
> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
> <https://urldefense.com/v3/__https:/mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev__;!!C5qS4YX3!RaUzKf_Ejz14svGcpy9OTpb33FxMa3Q_EYqoakIc0ZWCERS9DVPy5AAlZpVsQM0YeUQ$>
>
> _______________________________________________
> Loris-dev mailing list
> Loris-dev at bic.mni.mcgill.ca
> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
> <https://urldefense.com/v3/__https:/mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev__;!!C5qS4YX3!VlUQsuvElQeJl7SvZ5k1KYoB45nhq6LbALY-SXFa_kZsVkt1i7sRv0_Ougf72vFJDjs$>
>
> _______________________________________________
> Loris-dev mailing list
> Loris-dev at bic.mni.mcgill.ca
> https://mailman.bic.mni.mcgill.ca/mailman/listinfo/loris-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.bic.mni.mcgill.ca/pipermail/loris-dev/attachments/20200727/81ff502d/attachment-0001.html>
More information about the Loris-dev
mailing list