Score:0

How can I debug an "access denied" on almost every webform?


I checked every configuration section that I thought could affect access to webforms. Except for the sample content named Demo: Application (/node/371 in my context), every webform - the URL prefix is /form/ - can be accessed only by an administrator; that is, an unprivileged user gets an Access denied answer (You are not authorized to access this page). This is driving me nuts. I cannot tell since when this problem has been occurring. Before I realized there was such an issue, the Drupal instance had been upgraded from version 8 to 9 and then from 9 to 10, and later the Nodeaccess module was installed - but I did configure it properly to let people other than the administrator view and modify forms.

In a separate test instance I disabled the Nodeaccess module: the outcome didn't change, as far as accessing the webform is concerned. So what is going on? What may prevent any unprivileged authenticated user from accessing an arbitrary webform? How can I debug this?

Thanks in advance!

Andrea

id flag
https://drupal.stackexchange.com/questions/202671/debug-access-denied#202679
AppLEaDaY avatar
@cilefen, thanks! Though I'm not allowed yet to add a comment there. The question is almost seven years old. Webprofiler may have changed in the meantime, since I cannot find the setting AlexeiRayu mentioned. I looked at /admin/config/development/devel/webprofiler..... I found no "permissions" section. My aim is making the bar appear at the bottom of a page for an unprivileged user as well.
id flag
Another way is to step through the page load with a debugger.
AppLEaDaY avatar
@cilefen, thanks! Though the problem is I'm a damn newbie called to deal with practices he's not familiar with. I asked ChatGPT "In Drupal how can I step through the page load with a debugger?": did you mean I should set up Xdebug with an IDE?
Score:2

The webform module alone has 11 places where it throws an access denied exception. There could be hundreds more in core, contrib or custom code.

To find it the easiest way would be a debugger stopping on exceptions.

If you don't have one you can throw a custom exception when any access denied exception is raised:

vendor/symfony/http-kernel/Exception/AccessDeniedHttpException.php

public function __construct(?string $message = '', \Throwable $previous = null, int $code = 0, array $headers = [])
{
    // add this line temporarily
    throw new \Exception("ACCESS DENIED: $message");
    parent::__construct(403, $message, $previous, $headers, $code);
}

Enable "All messages, with backtrace information" on /admin/config/development/logging and you will see a backtrace on the screen under your custom exception pointing at the place where the access is denied.

When you are finished with debugging don't forget to remove the added code line.

If you find AccessAwareRouter->checkAccess() in the backtrace, it's a routing/permission issue. Then this topic might help: Debug "Access Denied"

AppLEaDaY avatar
I did add the line you suggested and modified logging as you suggested. By trying to access a webform now I get the traditional "The website encountered an unexpected error. Please try again later." - in Italian - and below "Exception: ACCESS DENIED: in Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException->__construct() (line 23 of /xxx/yyy/zzz/vendor/symfony/http-kernel/Exception/AccessDeniedHttpException.php)." (I put xxx, yyy and zzz for privacy). What am I missing? Thanks!
4uk4 avatar
This looks good, but is that all? There should be a backtrace on the screen if you have enabled it in logging.
AppLEaDaY avatar
You are right: I thought I had enabled logging as you suggested, but I'm afraid I mistakenly did it on another instance. Now I get what follows. But that is double Dutch to me... :-(
AppLEaDaY avatar
Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException->__construct() (Line: 112) Drupal\Core\Routing\AccessAwareRouter->checkAccess() (Line: 89) Drupal\Core\Routing\AccessAwareRouter->matchRequest() (Line: 105) Symfony\Component\HttpKernel\EventListener\RouterListener->onKernelRequest() call_user_func() (Line: 93) Drupal\tracer\EventDispatcher\TraceableEventDispatcher->dispatch() (Line: 139) Symfony\Component\HttpKernel\HttpKernel->handleRaw() (Line: 74) Symfony\Component\HttpKernel\HttpKernel->handle() (Line: 58)
AppLEaDaY avatar
Drupal\Core\StackMiddleware\Session->handle() (Line: 48) Drupal\Core\StackMiddleware\KernelPreHandle->handle() (Line: 106) Drupal\page_cache\StackMiddleware\PageCache->pass() (Line: 85) Drupal\page_cache\StackMiddleware\PageCache->handle() (Line: 50) Drupal\ban\BanMiddleware->handle() (Line: 48)
AppLEaDaY avatar
Drupal\Core\StackMiddleware\ReverseProxyMiddleware->handle() (Line: 42) Drupal\tracer\StackMiddleware\TracesMiddleware->handle() (Line: 34) Drupal\webprofiler\StackMiddleware\WebprofilerMiddleware->handle() (Line: 51) Drupal\Core\StackMiddleware\NegotiationMiddleware->handle() (Line: 51) Drupal\Core\StackMiddleware\StackedHttpKernel->handle() (Line: 686) Drupal\Core\DrupalKernel->handle() (Line: 19)
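
Added example, not part of the original thread and not Drupal code: a small Python script that splits an on-screen backtrace like the one pasted in the comments above into frames and applies the answer's rule that `AccessAwareRouter->checkAccess()` in the trace means a routing/permission denial. The function names, the returned labels and the "owner" heuristic are assumptions of this example; the sample trace is abridged from the comments.

```python
import re

# One frame: "Class->method()" or "function()", optionally followed by "(Line: N)".
FRAME_RE = re.compile(r"([\w\\]+(?:->|::)\w+|\w+)\(\)(?:\s*\(Line:\s*(\d+)\))?")

# Frames abridged from the backtrace pasted in the comments above.
SAMPLE_TRACE = (
    r"Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException->__construct() (Line: 112) "
    r"Drupal\Core\Routing\AccessAwareRouter->checkAccess() (Line: 89) "
    r"Drupal\Core\Routing\AccessAwareRouter->matchRequest() (Line: 105) "
    r"Symfony\Component\HttpKernel\EventListener\RouterListener->onKernelRequest() "
    r"call_user_func() (Line: 93) "
    r"Drupal\Core\DrupalKernel->handle() (Line: 19)"
)


def parse_frames(trace):
    """Return [(callable, line or None), ...] in the order shown on screen."""
    return [(m.group(1), int(m.group(2)) if m.group(2) else None)
            for m in FRAME_RE.finditer(trace)]


def triage(trace):
    """Classify the denial and name the first frame that is not a constructor."""
    frames = parse_frames(trace)
    # Exception constructors only show where the exception object was built.
    callers = [name for name, _ in frames if not name.endswith("->__construct")]
    if not callers:
        return {"kind": "unknown", "origin": None, "owner": None}
    origin = callers[0]
    parts = origin.split("\\")
    # Heuristic (assumption): Drupal\<module>\... names the module, Drupal\Core is core.
    owner = parts[1] if parts[0] == "Drupal" and len(parts) > 2 else parts[0]
    # Rule from the answer: checkAccess() in the trace means routing/permissions.
    routing = any(n.endswith(r"AccessAwareRouter->checkAccess") for n, _ in frames)
    return {"kind": "route access check" if routing else "code-level denial",
            "origin": origin, "owner": owner}


if __name__ == "__main__":
    print(triage(SAMPLE_TRACE))
```

For the trace in the comments this reports a route access check originating in core's `AccessAwareRouter->checkAccess()`, meaning the denial happened while the router evaluated the route's access requirements, before any form controller ran.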