Users are not authorized to view Cohort Pathway executions #2919

Open
t-abdul-basser opened this issue Mar 12, 2024 · 2 comments

@t-abdul-basser
Contributor

t-abdul-basser commented Mar 12, 2024

Expected behavior

Users are authorized to view Cohort Pathway executions and can view them.

Actual behavior

Users are not authorized to view Cohort Pathway executions and cannot view them.

Steps to reproduce behavior

  1. Log in to Atlas
  2. In Cohort Pathway > Execution, click on View latest result or Executions
  3. Failed authorized popover message appears.

Error Message:

See no. 3 above.

Supporting Materials:

Version: Atlas 2.14.1
Environment: Linux/Kubernetes (Kind Cluster)

Is this something that you have come across before @anthonysena @chrisknoll?

@chrisknoll
Collaborator

I've made some PRs to optimize permissions and support wildcard perms, but it's not in a hotfix (or otherwise) release. The 2.14 version of Atlas you're using had a fix related to refresh token, but I am not sure if that would impact you here (refresh token is called when you create an entity and you need to update permissions for the new item).

In java console, can you confirm if it says the requested URI got a 403 result (that would be an auth error)?

A more involved approach: we can debug the client side code but the 'bundled' form is a bit harder to debug...if you have a dev environment that you can reproduce, then that would be easier, but if you want to do something to trace code in your live environment, you can change some things on your server to run in non-bundled mode so you can set breakpoints easier.

To do that, just change the following (from https://github.com/OHDSI/Atlas/blob/master/index.html#L118):

	<!-- non-bundled mode -->
	<script data-main="js/main" src="js/require.js"></script>

	<!-- bundled mode -->
	<!-- <script data-main="js/assets/bundle/bundle" src="js/require.js"></script>-->

If you swap the HTML comment to comment out the bundled mode and uncomment non-bundled (as shown above) you should get the App downloaded in non-bundled state letting you set breakpoints.

The security checks are performed in authAPI.js.

However! Looking through this code, I can't seem to find anything related to CohortPathways which might mean that Pathways is doing something different than the other pages (sadface) so....if you can do the above steps to get the specific place where the permission check is failing, that can help us figure out where to start on a fix.

@t-abdul-basser
Contributor Author

t-abdul-basser commented Mar 21, 2024

Thanks @chrisknoll: I have begun to trace this. I will reach out again shortly. Thanks again.
