Access to log file viewer denied
-
I have the following ACL defined:
groups: admin: users: - admin applications: true api_acls: # This ACL allows users in the "admin" group to access the API - url: "/api" group: admin allow: true log: true # This ACL allows anyone/thing to access the /api/v1/alive API endpoint - url: "/api/v1/alive" allow: trueAnd I have authenticated to MSR as "admin" user. However, I'm getting "access denied" when trying to access http://*******:8111/api/v1/log
So what I'm missing, is my ACL incorrectly defined?
Using build 24302 on Docker.
Using MSR on Docker (Synology NAS), having InfluxDB, Grafana & Home Assistant, Hubitat C-8, Zigbee2MQTT
-
I have the following ACL defined:
groups: admin: users: - admin applications: true api_acls: # This ACL allows users in the "admin" group to access the API - url: "/api" group: admin allow: true log: true # This ACL allows anyone/thing to access the /api/v1/alive API endpoint - url: "/api/v1/alive" allow: trueAnd I have authenticated to MSR as "admin" user. However, I'm getting "access denied" when trying to access http://*******:8111/api/v1/log
So what I'm missing, is my ACL incorrectly defined?
Using build 24302 on Docker.
@tunnus said in Access to log file viewer denied:
And I have authenticated to MSR as "admin" user.
...for the Reactor UI. That login doesn't apply to the API, or to the dashboard, which have separate access paths and therefore require separate authentication.
There are several methods described in the docs for providing auth on API requests. See Access Control.
Author of Multi-system Reactor and Reactor, DelayLight, Switchboard, and about a dozen other plugins that run on Vera and openLuup.
-
@tunnus said in Access to log file viewer denied:
And I have authenticated to MSR as "admin" user.
...for the Reactor UI. That login doesn't apply to the API, or to the dashboard, which have separate access paths and therefore require separate authentication.
There are several methods described in the docs for providing auth on API requests. See Access Control.
@toggledbits the same ACL configuration works for the dashboard, if I'm authenticated to "general" UI, it does not ask for a new authentication. But if needed, it (dashboard) will redirect to login screen whereas this (log viewer) won't.
Using MSR on Docker (Synology NAS), having InfluxDB, Grafana & Home Assistant, Hubitat C-8, Zigbee2MQTT
-
@toggledbits the same ACL configuration works for the dashboard, if I'm authenticated to "general" UI, it does not ask for a new authentication. But if needed, it (dashboard) will redirect to login screen whereas this (log viewer) won't.
There's an authentication taking place there, you just don't see it. It is also managed by the applications, not by the browser. The API is a separate beast, and the Reactor UI and dashboard do not use the API to do any work, they have their own channel. There's a reason the ACL section you are working in is called
api_aclsand not justacls. -
-
If you change nothing in the ACL configuration, you can add the username and password for access to the query URL as request parameters. The specifics of this are described in the documentation (under Access Control).
-
You can modify the ACL to allow anonymous access but restrict the source IP address to whatever host(s) you use.
Author of Multi-system Reactor and Reactor, DelayLight, Switchboard, and about a dozen other plugins that run on Vera and openLuup.
-
-
T toggledbits unlocked this topic on
-
T toggledbits locked this topic on
