Skip to content

user with no accessGroup read perms can create hashlist#613

Open
LuffyNoNika wants to merge 4 commits intomasterfrom
1955-bug-not-possible-to-create-objects-when-no-accesgroup-read-permission
Open

user with no accessGroup read perms can create hashlist#613
LuffyNoNika wants to merge 4 commits intomasterfrom
1955-bug-not-possible-to-create-objects-when-no-accesgroup-read-permission

Conversation

@LuffyNoNika
Copy link
Copy Markdown
Contributor

@LuffyNoNika LuffyNoNika commented Mar 31, 2026

Changed files:

  1. hashlist-role.service.ts: Removed Perm.GroupAccess.READ from the "create" role so users without that permission can still create hashlists.

  2. new-hashlist.component.ts: Fetches access grups via getRelationships (user-scoped) with X-Skip-Error-Dialog: true to suppress the 403 toast. Falls back to a disabled "Default" access group (ID 1) on error or empty response.

  3. main.service.ts: Added optional "options" parameter to getRelationships to support passing custom HTTP headers (needed for the 403 suppression above).

  4. specs verify that getRelationships is called with tthe error-dialog: true header + some additional regression tests.

Note: new-files.component.ts suffers from the same bug. It fetched access groups via getAll(SERV.ACCESS_GROUPS), which also fails with 403 for users without permAccessGroupRead. The same fallback pattern was applied for consistency, along with a minor fix found during testing: successful imports from the server import directory didn't redirect back to the file list. Since creating a hashlist requires uploading a hash source (file), it makes sense to me to apply the same fix here.

@LuffyNoNika LuffyNoNika linked an issue Mar 31, 2026 that may be closed by this pull request
[BUG]: not possible to create objects when no accesgroup read permission hashtopolis/server#1955
Open
@LuffyNoNika LuffyNoNika marked this pull request as draft March 31, 2026 08:27
@LuffyNoNika LuffyNoNika marked this pull request as ready for review March 31, 2026 10:26
@LuffyNoNika
Copy link
Copy Markdown
Contributor Author

LuffyNoNika commented Mar 31, 2026

Changes related to agent creation with no access group read perms:

  1. agent-role.service.ts: Same change done in hashlist-role.services.ts

  2. new-agent.component.ts: Injects PermissionService to check agent binary read perm at init time. This is a necessary companion to the role fix: once users without agent binary read perm access the page, step 1 would trigger a 403 API call crashing the component. The permission check allows the page to render gracefully without that call. This is an additional fix to the issue, not the main one. The main one (user with no access group read perm can create an agent) would be fixed only with the changes in agent-role.service.ts.

  3. new-agent.component.html: rendering options depending on the user having binary read permissions or not.

  4. new-agent.component.spec.ts has 3 new tests about lack of accessgroup.read permission and agentbinary.read.permission (voucher creation, no API call during agent creation and bainary table not rendered).

@LuffyNoNika
Copy link
Copy Markdown
Contributor Author

LuffyNoNika commented Apr 14, 2026

Last commit 95af08c adapts new-hashlist.component.spec to the deserialization to Zod schema and includes jsonapi field required by Zod validation

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gpascal123 gpascal123 Awaiting requested review from gpascal123

@cv5ch cv5ch Awaiting requested review from cv5ch

@correct-horse-battery-bench correct-horse-battery-bench Awaiting requested review from correct-horse-battery-bench

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG]: not possible to create objects when no accesgroup read permission

1 participant

@LuffyNoNika