Skip to content

HTTP 403 reported to Sentry on the corpus class list or creation

Sentry Issue: ARKINDEX-BACKEND-1BF

PermissionDenied: You do not have contributor access to this corpus.
(5 additional frame(s) were not displayed)
...
  File "rest_framework/renderers.py", line 655, in get_context
    raw_data_post_form = self.get_raw_data_form(data, view, 'POST', request)
  File "rest_framework/renderers.py", line 554, in get_raw_data_form
    serializer = view.get_serializer()
  File "rest_framework/generics.py", line 109, in get_serializer
    kwargs.setdefault('context', self.get_serializer_context())
  File "arkindex/documents/api/ml.py", line 335, in get_serializer_context
  File "arkindex/project/mixins.py", line 144, in get_corpus

I am still investigating this issue and I am not sure whether a GET or a POST was actually made on this endpoint, because Sentry reports a POST in the stack trace and a GET in its context. The URL does match the endpoint class that provides ListCorpusMLClasses and CreateMLClass at least.

It is possible to get this PermissionDenied exception by either not having any role on the corpus, or being a guest, but I cannot yet confirm whether or not this is a HTTP 500 or a spurious Sentry report.

The frontend does not allow you to create a class without a contributor role, and if you cause the frontend's authentication data to be obsolete by opening the class list in one tab, removing your own access in another tab, and trying to create a class in the first tab, the frontend handles a 403 error correctly.