Admin not authorized to delete
Hi all.
Whenever I'm deleting a fragment, I get a 403
error from the backend.
The output of GET
fragments is as follows. I put placeholders for the printout of the collection for brevity.
admin is allowed to read /api/collection/fragments
{ collection }
Falling back to anonymous
{ collection }
GET /api/collection/fragments 200 166.357 ms - 2354
From what I could gather from the api, the "Falling back to anonymous" part means that there was an authorization error.
Then on DELETE
, I get this output.
undefined
AuthorizationError
at new AuthorizationError (/Users/johnbarlas39/Documents/pubsweet/core/api/errors/AuthorizationError.js:6:11)
at Function.it (/Users/johnbarlas39/Documents/pubsweet/core/api/models/authorize.js:87:29)
at /Users/johnbarlas39/Documents/pubsweet/core/api/routes/api_collection.js:159:20
at Layer.handle [as handle_request] (/Users/johnbarlas39/Documents/pubsweet/core/node_modules/express/lib/router/layer.js:95:5)
at next (/Users/johnbarlas39/Documents/pubsweet/core/node_modules/express/lib/router/route.js:131:13)
at Route.dispatch (/Users/johnbarlas39/Documents/pubsweet/core/node_modules/express/lib/router/route.js:112:3)
at Layer.handle [as handle_request] (/Users/johnbarlas39/Documents/pubsweet/core/node_modules/express/lib/router/layer.js:95:5)
at /Users/johnbarlas39/Documents/pubsweet/core/node_modules/express/lib/router/index.js:277:22
at param (/Users/johnbarlas39/Documents/pubsweet/core/node_modules/express/lib/router/index.js:349:14)
at param (/Users/johnbarlas39/Documents/pubsweet/core/node_modules/express/lib/router/index.js:365:14)
at Function.process_params (/Users/johnbarlas39/Documents/pubsweet/core/node_modules/express/lib/router/index.js:410:3)
at next (/Users/johnbarlas39/Documents/pubsweet/core/node_modules/express/lib/router/index.js:271:10)
at Function.handle (/Users/johnbarlas39/Documents/pubsweet/core/node_modules/express/lib/router/index.js:176:3)
at router (/Users/johnbarlas39/Documents/pubsweet/core/node_modules/express/lib/router/index.js:46:12)
at Layer.handle [as handle_request] (/Users/johnbarlas39/Documents/pubsweet/core/node_modules/express/lib/router/layer.js:95:5)
at trim_prefix (/Users/johnbarlas39/Documents/pubsweet/core/node_modules/express/lib/router/index.js:312:13)
DELETE /api/collection/fragments/dc6410e6-5b53-4bfe-8cfc-98ae76d51e12 403 2.317 ms - 2
The undefined
print at the top is a console.log(req.user)
I put there while trying to debug.
So it makes sense that it wouldn't authorize me, but I can't seem to get to the bottom of why my user never got that far.
The front-end part (admin manager and the table of contents) seems to work, ie. the state gets updated, but all the changes are obviously lost on page refresh.
The user list also shows me as having admin access and I can create fragments without any issue.