auth_permission rows get "duplicated" on ./deploy.sh #291

Closed
IllyaMoskvin opened this issue Jul 14, 2016 · 1 comment · Fixed by #283

IllyaMoskvin commented Jul 14, 2016

As of at least fadb34d, there is a major problem with the default_auth.json fixture. Almost all auth.permission objects contain outdated content_type references. Running python manage.py migrate after a fresh install causes "duplicate" references to content types in the auth_permission table. This also happens if you run ./deploy.sh at any time.

Specifically, permissions for content types that changed ids get duplicated. For instance, access_project in default_auth points to content_type: 13; therefore, the following row gets created in auth_permission:

40 | Access Project                     |              13 | access_project

However, after a fresh install, in the django_content_type table, project has an id of 16. Therefore, a second row gets created in auth_permission:

128 | Access Project                       |              16 | access_project

This occurs for all permissions for that content type:

37 | Can add project                      |              13 | add_project
38 | Can change project                   |              13 | change_project
39 | Can delete project                   |              13 | delete_project
40 | Access Project                       |              13 | access_project
...
125 | Can add project                      |              16 | add_project
126 | Can change project                   |              16 | change_project
127 | Can delete project                   |              16 | delete_project
128 | Access Project                       |              16 | access_project

Permissions for content types whose id matches that listed in default_auth.json do not get duplicated:

 1 | Can add permission                   |               1 | add_permission
 2 | Can change permission                |               1 | change_permission
 3 | Can delete permission                |               1 | delete_permission

This problem has been present for a long time; however, Django managed to work around it by referencing only the permissions for the new content type id. Now that we are using custom django-guardian permissions in the APIv2 branch, this issue is rearing its ugly head.

For anyone who stumbles on this page while troubleshooting your own projects, if you are using auth.permission fixtures with django-guardian, and if you get errors similar to the one below, check auth_permission for orphaned content_type references:

File "/var/www/roundware/source/roundware/rw/admin.py", line 99, in get_queryset
  return qset.filter(project__in=get_objects_for_user(request.user, 'rw.access_project'))
File "/usr/local/lib/python2.7/dist-packages/guardian/shortcuts.py", line 441, in get_objects_for_user
  permission__codename=codename)
File "/usr/local/lib/python2.7/dist-packages/django/db/models/manager.py", line 122, in manager_method
  return getattr(self.get_queryset(), name)(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/django/db/models/query.py", line 391, in get
  (self.model._meta.object_name, num)
MultipleObjectsReturned: get() returned more than one ContentType -- it returned 2!

I'm still trying to figure out what to do about this. My tentative recommendation is to do away with the auth.permission fixtures in default_auth.json and just let Django fill out the table as it sees fit. Furthermore, we should consider truncating the auth_permission table as part of the upgrade process to Django 1.9 (#283).

IllyaMoskvin commented Jul 22, 2016

As an aside to passing troubleshooters, I now recommend running this query (PostgreSQL) to remove the "orphaned" entries:

DELETE FROM auth_permission WHERE id IN (SELECT id FROM auth_permission EXCEPT ((SELECT permission_id FROM auth_group_permissions) UNION (SELECT permission_id FROM auth_user_user_permissions)))

This will delete all entries from auth_permission that are not assigned to a user or a group. I figure that Django wouldn’t let permissions be assigned to non-existent content types, so it should be quite safe. The auth_permission table will be repopulated the next time you run python manage.py migrate. You will also have to remove any existing auth.permission fixtures you might have.

For our case, I included this command in the upgrade instructions and removed the fixtures.

This issue should be closed when PR #283 is merged.
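
An added example, not part of the original comments or the Roundware code base: a read-only check to run before the DELETE above. It lists codenames attached to more than one content type in the same app (the state behind the traceback), the ids the DELETE would remove, and any ambiguous rows that would survive because they are granted to a group or user. It uses an in-memory SQLite copy of the four Django tables; the model behind content type 13 and the group grant on row 40 are constructed assumptions.

```python
import sqlite3

# Constructed sample modelled on the rows quoted in the issue. The model behind
# content type 13 ("asset") and the group grant on row 40 are assumptions.
SAMPLE = """
CREATE TABLE django_content_type (id INTEGER PRIMARY KEY, app_label TEXT, model TEXT);
CREATE TABLE auth_permission (id INTEGER PRIMARY KEY, name TEXT, content_type_id INTEGER, codename TEXT);
CREATE TABLE auth_group_permissions (group_id INTEGER, permission_id INTEGER);
CREATE TABLE auth_user_user_permissions (user_id INTEGER, permission_id INTEGER);
INSERT INTO django_content_type VALUES
  (1, 'auth', 'permission'), (13, 'rw', 'asset'), (16, 'rw', 'project');
INSERT INTO auth_permission VALUES
  (1, 'Can add permission', 1, 'add_permission'),
  (37, 'Can add project', 13, 'add_project'),
  (40, 'Access Project', 13, 'access_project'),
  (125, 'Can add project', 16, 'add_project'),
  (128, 'Access Project', 16, 'access_project');
INSERT INTO auth_group_permissions VALUES (1, 40);
"""

def load_sample():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE)
    return conn

def ambiguous_codenames(conn):
    """Codenames attached to more than one content type within one app."""
    rows = conn.execute("""
        SELECT ct.app_label, p.codename, GROUP_CONCAT(p.id)
        FROM auth_permission p
        JOIN django_content_type ct ON ct.id = p.content_type_id
        GROUP BY ct.app_label, p.codename
        HAVING COUNT(DISTINCT p.content_type_id) > 1""").fetchall()
    return sorted((app, code, sorted(map(int, ids.split(","))))
                  for app, code, ids in rows)

def unassigned_ids(conn):
    """Dry run of the DELETE above: permissions granted to no group or user."""
    rows = conn.execute("""
        SELECT id FROM auth_permission
        EXCEPT SELECT permission_id FROM auth_group_permissions
        EXCEPT SELECT permission_id FROM auth_user_user_permissions""")
    return sorted(r[0] for r in rows)

def assigned_ambiguous_ids(conn):
    """Ambiguous rows the DELETE would keep; these need manual review."""
    doomed = set(unassigned_ids(conn))
    return sorted(pid for _, _, ids in ambiguous_codenames(conn)
                  for pid in ids if pid not in doomed)
```

On the sample data, row 40 is reported by `assigned_ambiguous_ids`: it is granted to a group, so the cleanup leaves it pointing at content type 13 and it has to be reassigned or removed by hand.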

IllyaMoskvin added a commit to IMAmuseum/roundware-server that referenced this issue Jul 25, 2016
This is a fairly extensive commit, since most of the requirements had
to be upgraded as well. Dependencies have been locked down to specific
versions for consistency and troubleshooting. Notable changes:

  - Moved wsgi.py to a more standard location, updated apache config.
    Now referenced in roundware.settings.WSGI_APPLICATION

  - For roundware.api2, implemented the new Application Configuration
    structure. See http://stackoverflow.com/q/32795227/1943591

  - django-guardian now creates its own AnonymousUser in the database.
    Removed AnonymousUser references from fixtures to avoid conflicts.
    http://django-guardian.readthedocs.io/en/stable/configuration.html

  - django-guardian assign is being deprecated for assign_perm
    See django-guardian/django-guardian@1419048

  - ManyToManyField no longer accepts null=True

  - django.contrib.auth.models.User should not be accessed directly.
    Use django.conf.settings.AUTH_USER_MODEL instead

  - Django changed the way it loads models, which broke streaming.
    Moving django.setup() in roundwared.rwstreamd fixed the issue.

  - django_chartit is no longer maintained. Moved to django_chartit2
    This may require us to install jQuery and Highcharts manually

  - django.forms.models.save_instance has been removed.
    We are now calling save() instead, but it might need more testing.
    django/django@8656cf
    django/django@b11564

  - Fixed errors in Travis install script (thanks @hburgund)

  - Fixed jsocol/django-adminplus/issues/42

  - Fixed django-admin-bootstrapped dependency
    See IMAmuseum/django-admin-bootstrapped

  - Fixed queryset filtering in ProjectProtectedThrough classes in admin.py
    Added explicit permission-based queryset filtering to ProjectAdmin

  - Fixed duplicate rows in auth_permission, removed default_auth fixtures.

This closes roundware#229, fixes roundware#291, and supersedes roundware#282.
IllyaMoskvin added a commit to IMAmuseum/roundware-server that referenced this issue Jul 26, 2016
This is a fairly extensive commit, since most of the requirements had
to be upgraded as well. Dependencies have been locked down to specific
versions for consistency and troubleshooting. Notable changes:

  - Moved wsgi.py to a more standard location, updated apache config.
    Now referenced in roundware.settings.WSGI_APPLICATION

  - For roundware.api2, implemented the new Application Configuration
    structure. See http://stackoverflow.com/q/32795227/1943591

  - django-guardian now creates its own AnonymousUser in the database.
    Removed AnonymousUser references from fixtures to avoid conflicts.
    http://django-guardian.readthedocs.io/en/stable/configuration.html

  - django-guardian assign is being deprecated for assign_perm
    See django-guardian/django-guardian@1419048

  - ManyToManyField no longer accepts null=True

  - django.contrib.auth.models.User should not be accessed directly.
    Use django.conf.settings.AUTH_USER_MODEL instead

  - Django changed the way it loads models, which broke streaming.
    Moving django.setup() in roundwared.rwstreamd fixed the issue.

  - django_chartit is no longer maintained. Moved to django_chartit2
    This may require us to install jQuery and Highcharts manually

  - django.forms.models.save_instance has been removed.
    We are now calling save() instead, but it might need more testing.
    django/django@8656cf
    django/django@b11564

  - Fixed errors in Travis install script (thanks @hburgund)

  - Fixed jsocol/django-adminplus/issues/42

  - Fixed django-admin-bootstrapped dependency
    See IMAmuseum/django-admin-bootstrapped

  - Fixed queryset filtering in ProjectProtectedThrough classes in admin.py
    Added explicit permission-based queryset filtering to ProjectAdmin

  - Fixed duplicate rows in auth_permission, removed default_auth fixtures.

  - Removed fix-m2m-deserial.patch

This closes roundware#229, fixes roundware#291, and supersedes roundware#282.