The secrets of all the users having access to the resource are required #484
Comments
|
I tried to create a new record with the same permissions an there is a difference in the database: old record: new record: so there are two users missing! we expanded the group "allgemein" after creating the records with two more users, maybere there is/was a bug and the system did not create those missing accounts when we added them to the group!? |
|
Hey @grufocom, sorry for the delay. |
secrets_provided
-- Operating system: Ubuntu 22.04
-- PHP: 8.1
-- Web server: nginx 1.18.0
-- Database server: mariadb 10.6.12
What you did
tried to add a new user to a resource, the resource has already granted access for the api-user and an group
What happened
we get the error message above: 400 The secrets of all the users having access to the resource are required
What you expected to happen
the new user should get access granted
we have got 2 permissions in the database for this record:
MariaDB [passboltdb]> select * from permissions where aco_foreign_key="b68f85d7-2963-4c1c-ba60-ab969a0a0354";
+--------------------------------------+----------+--------------------------------------+-------+--------------------------------------+------+---------------------+---------------------+
| id | aco | aco_foreign_key | aro | aro_foreign_key | type | created | modified |
+--------------------------------------+----------+--------------------------------------+-------+--------------------------------------+------+---------------------+---------------------+
| aa4ff85f-1cde-4015-bd32-eff9dcee7986 | Resource | b68f85d7-2963-4c1c-ba60-ab969a0a0354 | Group | e9f0ce33-7b52-4f67-b89a-d797e0c3c8ed | 15 | 2022-12-20 08:30:21 | 2022-12-20 08:30:21 |
| f99c7bff-0644-492c-8deb-a4e9cc273d4f | Resource | b68f85d7-2963-4c1c-ba60-ab969a0a0354 | User | fd848340-9168-46e7-b9c7-492946cefe2f | 15 | 2023-02-14 14:01:30 | 2023-02-14 14:01:30 |
+--------------------------------------+----------+--------------------------------------+-------+--------------------------------------+------+---------------------+---------------------+
when I try to add one more user I get this error (expanded the source code a little bit to see which ressource drops that error):
{
"code": 400,
"body": {
"secrets": {
"secrets_provided": "The secrets of all the users having access to the resource are required. recourse-id b68f85d7-2963-4c1c-ba60-ab969a0a0354 | usersIdsHavingAccess: ed7a9fde-c62b-4f36-8db1-dd7797b8595e !== usersIdsHavingASecret: "
}
}
}
So it seems that there is no secret for the user with the id ed7a9fde-c62b-4f36-8db1-dd7797b8595e
When I select that user from the secrets-table I see this:
MariaDB [passboltdb]> select id, user_id, resource_id from secrets where user_id="ed7a9fde-c62b-4f36-8db1-dd7797b8595e" and resource_id="b68f85d7-2963-4c1c-ba60-ab969a0a0354";
+--------------------------------------+--------------------------------------+--------------------------------------+
| id | user_id | resource_id |
+--------------------------------------+--------------------------------------+--------------------------------------+
| b63f6dfe-2485-424f-926e-740511fec842 | ed7a9fde-c62b-4f36-8db1-dd7797b8595e | b68f85d7-2963-4c1c-ba60-ab969a0a0354 |
+--------------------------------------+--------------------------------------+--------------------------------------+
In the data field there is a PGP-Message.
./bin/cake passbolt cleanup -> all OK
./bin/cake passbolt datacheck -> all OK
./bin/cake passbolt datacheck -> all OK
The text was updated successfully, but these errors were encountered: