no error shown when user didn't have permission to delete or add a release

RESOLVED DUPLICATE of bug 1336452

Status

P3
normal
RESOLVED DUPLICATE of bug 1336452
2 years ago
a year ago

People

(Reporter: bhearsum, Unassigned, Mentored)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [lang=js][good first bug][ready])

(Reporter)

Description

2 years ago
sfraser recently tried to add and delete a release in Balrog before he was granted permission. It didn't let him, but it also didn't show any useful error, just "Form submission error".

AFAICT, we return a 403 with a useful error message in this case, but the message doesn't end up anywhere in the UI. This may be broken for other types of changes, too.
(Reporter)

Updated

2 years ago
Priority: -- → P3
Whiteboard: [lang=js][good first bug] → [lang=js][good first bug][ready]

Comment 1

2 years ago
Hi Ben, 

Would it be ok if I took this up as my first bug ? It would be great if you could let me know the steps I would need to follow to reproduce this issue and also where I could discuss any queries that I have while resolving the bug.
Flags: needinfo?(bhearsum)
(Reporter)

Comment 2

2 years ago
(In reply to sshru from comment #1)
> Hi Ben, 
> 
> Would it be ok if I took this up as my first bug ? It would be great if you
> could let me know the steps I would need to follow to reproduce this issue
> and also where I could discuss any queries that I have while resolving the
> bug.

Yup, this is a good first bug.

Reproducing it is going to be a little tricky, but try the following:
1) Start up the development environment (http://mozilla-balrog.readthedocs.io/en/latest/contribute.html#usage)
2) Find the "Firefox-40.0.3-build1" release (http://localhost:8080/releases#Firefox-40), download it, then delete it.
3) Adjust your permissions so that you no longer have write access to Firefox Releases
3a) Go to http://localhost:8080/permissions
3b) Click "Update"
3c) Under "Current Permissions" enter '{"products": ["Fennec"]}' in the text field, then click "Save Changes".
4) Now try to re-add the "Firefox-40.0.3-build1" release.
4a) Go to http://localhost:8080/releases
4b) Click "Add a new Release"
4c) Click "Browse" and select the "Firefox-40.0.3-build1.json" that you downloaded earlier
4d) Enter "Firefox" for the product, and click "Save Changes".

You should see a big "Form Submission Error", but with no useful details. If you open the Developer Tools and look at the POST request in the Network tab, you'll see that there *is* a response returned that talks about Permission Denied.

If you have more questions or any trouble, the best way to get in contact is on IRC (irc://irc.mozilla.org/#balrog). There's a few different that should be able to help you out.
Assignee: nobody → gopalswamyshruthi
Flags: needinfo?(bhearsum)

Comment 3

2 years ago
(In reply to Ben Hearsum (:bhearsum) from comment #2)
> (In reply to sshru from comment #1)
> > Hi Ben, 
> > 
> > Would it be ok if I took this up as my first bug ? It would be great if you
> > could let me know the steps I would need to follow to reproduce this issue
> > and also where I could discuss any queries that I have while resolving the
> > bug.
> 
> Yup, this is a good first bug.
> 
> Reproducing it is going to be a little tricky, but try the following:
> 1) Start up the development environment
> (http://mozilla-balrog.readthedocs.io/en/latest/contribute.html#usage)
> 2) Find the "Firefox-40.0.3-build1" release
> (http://localhost:8080/releases#Firefox-40), download it, then delete it.
> 3) Adjust your permissions so that you no longer have write access to
> Firefox Releases
> 3a) Go to http://localhost:8080/permissions
> 3b) Click "Update"
> 3c) Under "Current Permissions" enter '{"products": ["Fennec"]}' in the text
> field, then click "Save Changes".
> 4) Now try to re-add the "Firefox-40.0.3-build1" release.
> 4a) Go to http://localhost:8080/releases
> 4b) Click "Add a new Release"
> 4c) Click "Browse" and select the "Firefox-40.0.3-build1.json" that you
> downloaded earlier
> 4d) Enter "Firefox" for the product, and click "Save Changes".
> 
> You should see a big "Form Submission Error", but with no useful details. If
> you open the Developer Tools and look at the POST request in the Network
> tab, you'll see that there *is* a response returned that talks about
> Permission Denied.
> 
> If you have more questions or any trouble, the best way to get in contact is
> on IRC (irc://irc.mozilla.org/#balrog). There's a few different that should
> be able to help you out.

Thank you for the information. I will start working on it.
(Reporter)

Comment 4

a year ago
Are you still planning to look at this?
Flags: needinfo?(gopalswamyshruthi)

Comment 5

a year ago
(In reply to Ben Hearsum (:bhearsum) from comment #4)
> Are you still planning to look at this?

Hi Ben,

I did not get a chance to work on the bug. I was facing some issues with the environment setup. I would like to resume working on it tomorrow. Would that be okay?
(Reporter)

Comment 6

a year ago
(In reply to sshru from comment #5)
> (In reply to Ben Hearsum (:bhearsum) from comment #4)
> > Are you still planning to look at this?
> 
> Hi Ben,
> 
> I did not get a chance to work on the bug. I was facing some issues with the
> environment setup. I would like to resume working on it tomorrow. Would that
> be okay?

Yep, that's totally fine. Just let us know if you need some help getting set up.
Flags: needinfo?(gopalswamyshruthi)
(Reporter)

Comment 7

a year ago
Shruti, are you still planning to look at this?
Flags: needinfo?(gopalswamyshruthi)
(Reporter)

Comment 8

a year ago
Unassigning due to inactivity. If you want to pick it up again, feel free to.
Assignee: gopalswamyshruthi → nobody
Flags: needinfo?(gopalswamyshruthi)
(Reporter)

Comment 9

a year ago
This was fixed by bug 1336452.
Mentor: bhearsum
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1336452
You need to log in before you can comment on or make changes to this bug.