Permission problems

Hi all,

I have a setup running based on `kobo_docker`. Form creation in `kpi`
is broken for non-superuser users.
The immediate problem is that the application tries to retrieve a list
of assets by making a request to the `/assets/` endpoint. This request
returns a 403.
In the deployment on kobotoolbox.org, retrieving a read-only list of
assets is possible even for anonymous users. I guess this is due to
the fact that `ANONYMOUS_USER_ID` is set to the id of an existing user
instead of being set to `-1`.
Could you elaborate a bit on what this user is supposed to look like
and which permission he is supposed to have?

I was able to let anonymous users view assets in my local setup too by
setting `ANONYMOUS_USER_ID` to the id of an existing user (that has
the `kpi.view_asset` permission). However, regular, authenticated
users still get the 403 until they have been assigned the
`kpi.view_asset` permission also.

I created my users by POSTing to the `/profiles` endpoint of the
`kobocat` API. I assumed that those users would get all permissions
assigned that are necessary to be functional. This doesn't seem to be
the case. The same is true when I register the users through the
frontend.

I guess authenticated, regular users need all permissions found in
`kpi/fixtures/test_data.json`:

            "user_permissions" : [
               ["add_collection", "kpi", "collection"],
               ["change_collection", "kpi", "collection"],
               ["delete_collection", "kpi", "collection"],
               ["share_collection", "kpi", "collection"],
               ["view_collection", "kpi", "collection"],
               ["add_asset", "kpi", "asset"],
               ["change_asset", "kpi", "asset"],
               ["delete_asset", "kpi", "asset"],
               ["share_asset", "kpi", "asset"],
               ["view_asset", "kpi", "asset"]
            ]

How should I go about this? Do I need to manually assign all users the
necessary permissions, or is there a better way to have KoBo do this
automatically on user creation?

Thanks for your help!

Jesaja
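
An added example, not part of the original post and not KoBo's own code: a stand-alone Python audit that reads a `manage.py dumpdata auth.user --natural-foreign` export and lists which non-superuser accounts lack the `kpi` permissions quoted above. The sample dump and its usernames are constructed, and only directly assigned permissions are checked (permissions granted through groups are not).

```python
import json

# Required permissions as Django natural keys (codename, app_label, model),
# matching the "user_permissions" list quoted in the post above.
REQUIRED = {
    (f"{action}_{model}", "kpi", model)
    for model in ("collection", "asset")
    for action in ("add", "change", "delete", "share", "view")
}


def _user(pk, name, perms, superuser=False):
    """Build one constructed auth.user record in dumpdata's JSON shape."""
    return {"model": "auth.user", "pk": pk,
            "fields": {"username": name, "is_superuser": superuser,
                       "user_permissions": [list(p) for p in perms]}}


# Constructed sample dump (not real data): usernames are hypothetical.
SAMPLE_DUMP = json.dumps([
    _user(1, "admin", [], superuser=True),         # superuser, no explicit perms
    _user(2, "api_user", []),                      # nothing assigned
    _user(3, "viewer", [("view_asset", "kpi", "asset")]),
    _user(4, "full", sorted(REQUIRED)),            # all ten permissions
])


def missing_permissions(dump_text, required=REQUIRED):
    """Return {username: sorted missing codenames} for non-superusers."""
    report = {}
    for obj in json.loads(dump_text):
        if obj.get("model") != "auth.user":
            continue
        fields = obj["fields"]
        if fields.get("is_superuser"):
            continue  # superusers pass every permission check
        held = {tuple(p) for p in fields.get("user_permissions", [])}
        gaps = sorted(codename for codename, _app, _model in required - held)
        if gaps:
            report[fields["username"]] = gaps
    return report


if __name__ == "__main__":
    for username, gaps in missing_permissions(SAMPLE_DUMP).items():
        print(f"{username}: missing {', '.join(gaps)}")
```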

To follow up on this: the problem was due to the user being created using the API. I created a related issue here: Users created using the API aren't setup correctly · Issue #245 · kobotoolbox/kobocat · GitHub

The AnonymousUser is created in `kpi.models.object_permission.get_anonymous_user`, so that answers my questions regarding the `ANONYMOUS_USER_ID` setting.


On Thursday, June 30, 2016 at 4:41:09 PM UTC+3, Jesaja Everling wrote:
