Handle invalid group id in switch_active_group#655
Conversation
will-moore
force-pushed
the
switch_active_group_valueerror_fix
branch
from
5ecc49a to
8146a94
Compare
sbesson
left a comment
sbesson
left a comment
There was a problem hiding this comment.
From a quick round of testing, the current handling of the active_group query parameter is causing 500 errors on invalid inputs or non-existing group IDs. The proposed changes code defensively against these situations.
Biggest inline question is how far the additional checks should go in terms of group validation in this API
omeroweb/webclient/views.py
Outdated
| if active_group is None: | ||
| return | ||
| active_group = int(active_group) | ||
| # validate group id before switching |
There was a problem hiding this comment.
From a quick round of testing accessing a non-existing but valid group ID e.g. /active_group/?active_group=9999, this PR might also fix #387
| active_group = int(active_group) | ||
| # validate group id before switching | ||
| if conn is not None: | ||
| group = conn.getObject("ExperimenterGroup", active_group) |
There was a problem hiding this comment.
As this is adding a check for the group existence, have you considered whether it should also check for group membership for the current user?
Are there some redundancies/performance implications?
There was a problem hiding this comment.
@sbesson Thanks, yes - that's actually a good catch because without it, you can choose a group that you're not a member of. Then, when the main webclient page loads, and you try to load containers for the tree, you get :
return HttpResponseForbidden("Not a member of Group: %s" % group_id)
which causes the webclient page to refresh, which simply gets you into an infinite refresh loop!
This is a current bug before this PR.
Using isValidGroup() in 36c35ae avoids this problem and also is faster than conn.getObject("ExperimenterGroup", active_group) since it uses the eventContext.memberOfGroups which we have in hand.
Also, it allows admins to switch to groups that they are not a member of, which is an important use case.
There was a problem hiding this comment.
The usage of the isValidGroup API is consistent with
omero-web/omeroweb/webclient/views.py
Lines 470 to 471 in 1429a04
With the latest change and using a regular user, I tested the following scenarios for the active_group query parameter:
- non-integer valuee.g.
mygroup - integer value not matching an existing group e.g.
-2 - integer value matching an existing group the user is not member of
- integer value matching an existing group the user is a member of
All scenarios worked as expected with the first three first configurations resulting in no context change while scenario 4 switched the group context as expected.
Tested the same configurations with an administrative user. Scenarios 1, 3 and 4 worked as expected with the admin user being able to switch to any group independently of the membership. However, scenario 2 failed with the same error as #387. This is because the isValidGroup implementation returns True immediately if the authenticated user is an admin independently of the validity of the group ID.
Similarly, passing -1 as the value for the active_group query parameter value bypasses the membership checks and results in #387.
I suspect restoring the conn.getObject("ExperimenterGroup", active_group) is not None check before calling conn.isValidGroup(active_group) should take care of all the scenarios above.
|
@sbesson Thanks for the testing - I've added the group check back now. |
sbesson
left a comment
sbesson
left a comment
There was a problem hiding this comment.
Retested all scenarios above i.e. active_group query parameter with the following values:
- non integer e.g.
mygroup - integer not matching an existing group ID e.g.
-2or9999 -1- existing group ID of which the user is member of
- existing group ID of which the user is not member of
With both an admin and non admin authenticated user. Everything now behaves as expected in the UI.
|
Thank you @will-moore and @sbesson - merging now |
3 participants
Fixes #381
In other usages of
get_long_or_defaultwe wrap it with try/catch as we now do here...This avoids
ValueErrorwhen group id is not a number, e.g./webclient/active_group/?active_group=53foo
Also, we want to avoid errors when the
active_groupis an invalid ID, so we test for that when changing active_group via the URL above.To test: