HTTP 403 reported to Sentry on the corpus class list or creation
Sentry Issue: ARKINDEX-BACKEND-1BF
PermissionDenied: You do not have contributor access to this corpus.
(5 additional frame(s) were not displayed)
...
File "rest_framework/renderers.py", line 655, in get_context
raw_data_post_form = self.get_raw_data_form(data, view, 'POST', request)
File "rest_framework/renderers.py", line 554, in get_raw_data_form
serializer = view.get_serializer()
File "rest_framework/generics.py", line 109, in get_serializer
kwargs.setdefault('context', self.get_serializer_context())
File "arkindex/documents/api/ml.py", line 335, in get_serializer_context
File "arkindex/project/mixins.py", line 144, in get_corpus
I am still investigating this issue and I am not sure whether a GET
or a POST
was actually made on this endpoint, because Sentry reports a POST
in the stack trace and a GET
in its context. The URL does match the endpoint class that provides ListCorpusMLClasses
and CreateMLClass
at least.
It is possible to get this PermissionDenied exception by either not having any role on the corpus, or being a guest, but I cannot yet confirm whether or not this is a HTTP 500 or a spurious Sentry report.
The frontend does not allow you to create a class without a contributor role, and if you cause the frontend's authentication data to be obsolete by opening the class list in one tab, removing your own access in another tab, and trying to create a class in the first tab, the frontend handles a 403 error correctly.