OpenHumans/quantified-flu

Symptom heatmap on personal list

Closed this issue · 0 comments

gedankenstuecke commented

Currently the Symptom heatmap does not load on the personal symptom report URL (https://quantifiedflu.org/report/list) if the data is not made public. If the data is made public it works without a problem though (see screenshots below).

This is probably due to the fact that the call made to the JSON endpoint to get the data does not contain the user session details that are needed for accessing the private data. Here's the server log when trying to fetch the private data:

4:20:10 PM web.1    |  WARNING:django.request:Forbidden (Permission denied): /report/list/member/07797236.json
4:20:10 PM web.1    |  Traceback (most recent call last):
4:20:10 PM web.1    |    File "/Users/bastian/.local/share/virtualenvs/quantified-flu-eHL-Yns6/lib/python3.6/site-packages/django/core/handlers/exception.py", line 34, in inner
4:20:10 PM web.1    |      response = get_response(request)
4:20:10 PM web.1    |    File "/Users/bastian/.local/share/virtualenvs/quantified-flu-eHL-Yns6/lib/python3.6/site-packages/django/core/handlers/base.py", line 115, in _get_response
4:20:10 PM web.1    |      response = self.process_exception_by_middleware(e, request)
4:20:10 PM web.1    |    File "/Users/bastian/.local/share/virtualenvs/quantified-flu-eHL-Yns6/lib/python3.6/site-packages/django/core/handlers/base.py", line 113, in _get_response
4:20:10 PM web.1    |      response = wrapped_callback(request, *callback_args, **callback_kwargs)
4:20:10 PM web.1    |    File "/Users/bastian/.local/share/virtualenvs/quantified-flu-eHL-Yns6/lib/python3.6/site-packages/django/views/generic/base.py", line 71, in view
4:20:10 PM web.1    |      return self.dispatch(request, *args, **kwargs)
4:20:10 PM web.1    |    File "/Users/bastian/.local/share/virtualenvs/quantified-flu-eHL-Yns6/lib/python3.6/site-packages/django/views/generic/base.py", line 97, in dispatch
4:20:10 PM web.1    |      return handler(request, *args, **kwargs)
4:20:10 PM web.1    |    File "/Users/bastian/dev/quantified-flu/reports/views.py", line 193, in get
4:20:10 PM web.1    |      raise PermissionDenied
4:20:10 PM web.1    |  django.core.exceptions.PermissionDenied

I'm not sure how the request here would need to be changed in order to send the necessary data right now though, but it's something to look into.

Screenshot 2020-05-25 at 16 32 21
Screenshot 2020-05-25 at 16 33 36