What version are you running? 1.7.14 What's the URL of the page containing the problem? rbtools API call What steps will reproduce the problem? 1. Add local user with the following permissions: reviews | comment | Can add comment reviews | review | Can add review reviews | review request | Can change status reviews | review request | Can submit as another user sessions | session | Can add session 2. Get a given review request using RBClient 3. review.submit() What is the expected output? What do you see instead? Expected output is something meaningful in the server-side logs, such as: "PUT /api/review-requests/6422/ by user <username> failed: 403 - user does not have <name of permission>, cannot complete action" Actual output is nothing - aside from the web server access log showing 403, nothing in the web server error log or the reviewboard log (set to level Debug) gives any indication as to why this action failed. What operating system are you using? What browser? CentOS 6.3 on the server. No browser. Please provide any additional information below. I added a local user to use in a deploy script that automatically submits reviews when they're merged to master. I gave the user the permissions listed above. When I use RBTools (python client) to try to submit a review request, I get back a traceback with: rbtools.api.errors.APIError: You don't have permission for this (HTTP 403, API Error 101) However there's nothing in either the web server log or the ReviewBoard debug-level log about this, either that there was a 403 API call, or any specifics of why it happened. I'd really like to see at least a log that it happened. With debug-level logging, I expect to see a message with the details of what happened, as well as what permission the user is missing to perform the required action.
- Type-Defect + Type-Enhancement + BetterErrors
Fixing all of these is hard, but fixing individual ones are easy.
I'm not sure if I completely understand this, but here is my attempt of reproducing this bug: - Login as user A - Create user B with permissions listed above - Create a review request as user A - Attempt to close the review request as user B through the RBT tool, with: rbt close --username (user B) --password (user B's password) --close-type submitted (request_id just created) Result: - Review request successfully gets closed Am I misunderstanding something?
I am currently working on this bug.
Fixes applied in djblets release-0.9.x (1e20466) and reviewboard release-2.5.x (0c3e9fd). This will ship in 2.5.4. Thanks!
- New + Fixed