docs(widget-permissions): Add comprehensive documentation and debugging tools for widget access control
307aee3 Diagnostic Endpoint for Widget Access
Problem
The API is returning 403 Forbidden even though local tests pass. This suggests the production MongoDB might have different data or configuration.
Solution
Add a temporary diagnostic endpoint to check the widget access configuration in production.
Add this endpoint to app/routers/chart_widget_router.py:
```python
# `Depends` comes from FastAPI; `router` and `get_current_user` are the ones
# already defined in app/routers/chart_widget_router.py.
from fastapi import Depends


@router.get("/debug/widget-access/{widget_id}")
async def debug_widget_access(
    widget_id: str,
    current_user: dict = Depends(get_current_user)
):
    """
    DEBUG ENDPOINT: Check widget access configuration.
    Remove this endpoint after debugging! It is reachable by any
    authenticated user and returns the caller's role configuration.
    """
    from app.nosql import mongo_db

    merchant_id = current_user.get("merchant_id")
    role_id = current_user.get("role_id")
    user_id = current_user.get("associate_id")

    # Check if access_roles collection exists
    collections = await mongo_db.list_collection_names()

    # Get the role document for the caller's merchant and role
    role_doc = await mongo_db["access_roles"].find_one({
        "merchant_id": merchant_id,
        "role_id": role_id
    })

    # Test the widget access query: merchant + role + widget id in widget_access
    widget_query = {
        "merchant_id": merchant_id,
        "role_id": role_id,
        "widget_access": widget_id
    }
    widget_result = await mongo_db["access_roles"].find_one(widget_query)

    return {
        "current_user": {
            "merchant_id": merchant_id,
            "role_id": role_id,
            "user_id": user_id
        },
        "collections_exist": {
            "access_roles": "access_roles" in collections
        },
        "role_document_found": role_doc is not None,
        "role_document_id": str(role_doc.get("_id")) if role_doc else None,
        "widget_access_field_exists": "widget_access" in (role_doc or {}),
        "widget_access_count": len(role_doc.get("widget_access", [])) if role_doc else 0,
        # Only a sample, so a large access list does not flood the response
        "widget_access_sample": role_doc.get("widget_access", [])[:5] if role_doc else [],
        "widget_in_access_list": widget_id in (role_doc.get("widget_access", []) if role_doc else []),
        "widget_query_result": widget_result is not None,
        "tested_widget_id": widget_id
    }
```
Test the endpoint:
```bash
curl -X 'GET' \
  'https://insightfyadmin-insightfy-bloom-ms-ans.hf.space/api/v1/charts/debug/widget-access/wid_revenue_trend_12m_001' \
  -H 'Authorization: Bearer YOUR_TOKEN'
```
The response shows what the production access_roles document actually contains for the caller's merchant and role, and whether the widget query matches it, which should pinpoint the cause of the 403.
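The same checks the endpoint performs can be reproduced offline against sample role documents, which is useful for reasoning about why the widget query returns nothing. The following is an added example, not code from the project; `find_role_doc`, `diagnose_widget_access` and the sample documents are constructed for it, and it only mimics MongoDB's equality semantics on the `widget_access` field (array membership, or an exact match on a scalar):

```python
from typing import Any

def find_role_doc(docs: list[dict[str, Any]], merchant_id: str, role_id: str):
    """Mimic access_roles.find_one({"merchant_id": ..., "role_id": ...})."""
    for doc in docs:
        if doc.get("merchant_id") == merchant_id and doc.get("role_id") == role_id:
            return doc
    return None

def diagnose_widget_access(docs: list[dict[str, Any]], merchant_id: str,
                           role_id: str, widget_id: str) -> dict[str, Any]:
    """Explain why {"merchant_id", "role_id", "widget_access": widget_id}
    would or would not match, naming the first failing check."""
    role_doc = find_role_doc(docs, merchant_id, role_id)
    if role_doc is None:
        return {"granted": False, "reason": "no role document for merchant_id/role_id"}
    access = role_doc.get("widget_access")
    if access is None:
        return {"granted": False, "reason": "widget_access field missing"}
    # Mongo equality matches an array element or a scalar equal to widget_id.
    values = access if isinstance(access, list) else [access]
    if widget_id in values:
        reason = ("widget id present in widget_access" if isinstance(access, list)
                  else "matched scalar widget_access (expected a list)")
        return {"granted": True, "reason": reason}
    # Near-miss: stored id differs only by case or surrounding whitespace.
    near = [w for w in values
            if isinstance(w, str) and w.strip().lower() == widget_id.strip().lower()]
    if near:
        return {"granted": False, "reason": f"near-miss: stored as {near[0]!r}"}
    return {"granted": False, "reason": "widget id not in widget_access"}

# Constructed sample data for the example (not real production documents).
SAMPLE_ROLES = [
    {"merchant_id": "m1", "role_id": "analyst",
     "widget_access": ["wid_revenue_trend_12m_001 ", "wid_a"]},   # trailing space
    {"merchant_id": "m1", "role_id": "viewer",
     "widget_access": "wid_revenue_trend_12m_001"},               # scalar, not list
    {"merchant_id": "m2", "role_id": "analyst"},                   # field missing
]

if __name__ == "__main__":
    for mid, rid in [("m1", "analyst"), ("m1", "viewer"), ("m2", "analyst"), ("m3", "x")]:
        print(mid, rid, diagnose_widget_access(SAMPLE_ROLES, mid, rid,
                                               "wid_revenue_trend_12m_001"))
```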
Alternative: Check Production Logs
If you have access to production logs, check for these log messages:
- "Widget access check" - Shows the query being made
- "Widget access denied" - Shows why access was denied
- "Widget access granted" - Confirms successful access
Look at the extra fields attached to those log records to see the actual merchant_id, role_id and widget_id values used in the query.