passbolt/passbolt_api

The secrets of all the users having access to the resource are required

grufocom opened this issue · 4 comments

secrets_provided

  • Passbolt Version: 4.0.2
  • Platform and Target:
    -- Operating system: Ubuntu 22.04
    -- PHP: 8.1
    -- Web server: nginx 1.18.0
    -- Database server: mariadb 10.6.12

What you did

tried to add a new user to a resource, the resource has already granted access for the api-user and a group

What happened

we get the error message above: 400 The secrets of all the users having access to the resource are required

What you expected to happen

the new user should get access granted

we have got 2 permissions in the database for this record:

MariaDB [passboltdb]> select * from permissions where aco_foreign_key="b68f85d7-2963-4c1c-ba60-ab969a0a0354";
+--------------------------------------+----------+--------------------------------------+-------+--------------------------------------+------+---------------------+---------------------+
| id | aco | aco_foreign_key | aro | aro_foreign_key | type | created | modified |
+--------------------------------------+----------+--------------------------------------+-------+--------------------------------------+------+---------------------+---------------------+
| aa4ff85f-1cde-4015-bd32-eff9dcee7986 | Resource | b68f85d7-2963-4c1c-ba60-ab969a0a0354 | Group | e9f0ce33-7b52-4f67-b89a-d797e0c3c8ed | 15 | 2022-12-20 08:30:21 | 2022-12-20 08:30:21 |
| f99c7bff-0644-492c-8deb-a4e9cc273d4f | Resource | b68f85d7-2963-4c1c-ba60-ab969a0a0354 | User | fd848340-9168-46e7-b9c7-492946cefe2f | 15 | 2023-02-14 14:01:30 | 2023-02-14 14:01:30 |
+--------------------------------------+----------+--------------------------------------+-------+--------------------------------------+------+---------------------+---------------------+

when I try to add one more user I get this error (expanded the source code a little bit to see which resource drops that error):

{
  "code": 400,
  "body": {
    "secrets": {
      "secrets_provided": "The secrets of all the users having access to the resource are required. recourse-id b68f85d7-2963-4c1c-ba60-ab969a0a0354 | usersIdsHavingAccess: ed7a9fde-c62b-4f36-8db1-dd7797b8595e !== usersIdsHavingASecret: "
    }
  }
}

So it seems that there is no secret for the user with the id ed7a9fde-c62b-4f36-8db1-dd7797b8595e

When I select that user from the secrets-table I see this:

MariaDB [passboltdb]> select id, user_id, resource_id from secrets where user_id="ed7a9fde-c62b-4f36-8db1-dd7797b8595e" and resource_id="b68f85d7-2963-4c1c-ba60-ab969a0a0354";
+--------------------------------------+--------------------------------------+--------------------------------------+
| id | user_id | resource_id |
+--------------------------------------+--------------------------------------+--------------------------------------+
| b63f6dfe-2485-424f-926e-740511fec842 | ed7a9fde-c62b-4f36-8db1-dd7797b8595e | b68f85d7-2963-4c1c-ba60-ab969a0a0354 |
+--------------------------------------+--------------------------------------+--------------------------------------+

In the data field there is a PGP-Message.

./bin/cake passbolt cleanup -> all OK
./bin/cake passbolt datacheck -> all OK
./bin/cake passbolt datacheck -> all OK

I tried to create a new record with the same permissions and there is a difference in the database:

old record:
MariaDB [passboltdb]> select id, user_id, resource_id from secrets where resource_id="f4c7947a-0e18-4185-add6-e122e4a5a883";
+--------------------------------------+--------------------------------------+--------------------------------------+
| id | user_id | resource_id |
+--------------------------------------+--------------------------------------+--------------------------------------+
| 9e7ef010-60a1-48bc-8ce8-05e5510530f3 | 093f2fcf-cdfc-454d-a319-77211f1cf94d | f4c7947a-0e18-4185-add6-e122e4a5a883 |
| af0cc50f-5bbf-4497-b691-b619e5684b39 | ed7a9fde-c62b-4f36-8db1-dd7797b8595e | f4c7947a-0e18-4185-add6-e122e4a5a883 |
+--------------------------------------+--------------------------------------+--------------------------------------+

new record:
MariaDB [passboltdb]> select id, user_id, resource_id from secrets where resource_id="beb4960a-8993-4d3f-9b4d-0068b9de2791";
+--------------------------------------+--------------------------------------+--------------------------------------+
| id | user_id | resource_id |
+--------------------------------------+--------------------------------------+--------------------------------------+
| 691801dc-fd09-400f-afdb-a1ab01e5174a | fd848340-9168-46e7-b9c7-492946cefe2f | beb4960a-8993-4d3f-9b4d-0068b9de2791 |
| 7239ed8e-8562-4099-898a-f25ed66f8362 | cd53516e-f905-4b8e-8ebd-29ab761abad8 | beb4960a-8993-4d3f-9b4d-0068b9de2791 |
| 8464d2a1-9e2a-4ba4-bc60-9ae030c92ac5 | ed7a9fde-c62b-4f36-8db1-dd7797b8595e | beb4960a-8993-4d3f-9b4d-0068b9de2791 |
| e1a636c9-cd3f-46b3-a66b-9f8a978590d0 | 093f2fcf-cdfc-454d-a319-77211f1cf94d | beb4960a-8993-4d3f-9b4d-0068b9de2791 |
+--------------------------------------+--------------------------------------+--------------------------------------+

so there are two users missing!

we expanded the group "allgemein" after creating the records with two more users, maybe there is/was a bug and the system did not create those missing accounts when we added them to the group!?

Hey @grufocom, sorry for the delay.
Could you please confirm whether this bug has been fixed in the latest version or if the issue still persists?

I am trying to add a group to the resource and I keep getting this error, don't know what I am doing wrong here.

Hello @variable can you open another thread, ideally on the community forum: https://community.passbolt.com, thanks