New project snippet for external user produces a 404
Summary
As an external user, when I visit an authorized project snippets page and click the "New snippet" button I receive a Page Not Found (404) error.
This also applies to public projects such as http://localhost:3000/gnuwget/wget2/snippets in development.
Steps to reproduce
- Create an external user.
- Add external user to a project.
- As external user, visit the project snippets page. E.g. http://localhost:3000/h5bp/html5-boilerplate/snippets
- Click the green "New snippet" button.
- Return a page not found error. E.g. http://localhost:3000/h5bp/html5-boilerplate/snippets/new
What is the current bug behavior?
A page not found page is returned.
What is the expected correct behavior?
A new snippet form.
Relevant logs and/or screenshots
Note the Filter chain halted as :authorize_create_project_snippet! rendered or redirected
line at the bottom of this dump.
source=rack-timeout id=RdarYTSW3Ja timeout=60000ms service=152ms state=completed
source=rack-timeout id=8OyzRkXVfl3 timeout=60000ms state=ready
Started GET "/h5bp/html5-boilerplate/snippets/new" for 127.0.0.1 at 2019-12-13 12:07:08 +0800
source=rack-timeout id=8OyzRkXVfl3 timeout=60000ms service=1ms state=active
ApplicationSetting Load (0.5ms) SELECT "application_settings".* FROM "application_settings" ORDER BY "application_settings"."id" DESC LIMIT $1 [["LIMIT", 1]]
↳ app/models/concerns/cacheable_attributes.rb:19
(0.5ms) SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
↳ lib/gitlab/current_settings.rb:53
SQL (0.8ms) SELECT "projects"."id" AS t0_r0, "projects"."name" AS t0_r1, "projects"."path" AS t0_r2, "projects"."description" AS t0_r3, "projects"."created_at" AS t0_r4, "projects"."updated_at" AS t0_r5, "projects"."creator_id" AS t0_r6, "projects"."namespace_id" AS t0_r7, "projects"."last_activity_at" AS t0_r8, "projects"."import_url" AS t0_r9, "projects"."visibility_level" AS t0_r10, "projects"."archived" AS t0_r11, "projects"."avatar" AS t0_r12, "projects"."merge_requests_template" AS t0_r13, "projects"."star_count" AS t0_r14, "projects"."merge_requests_rebase_enabled" AS t0_r15, "projects"."import_type" AS t0_r16, "projects"."import_source" AS t0_r17, "projects"."approvals_before_merge" AS t0_r18, "projects"."reset_approvals_on_push" AS t0_r19, "projects"."merge_requests_ff_only_enabled" AS t0_r20, "projects"."issues_template" AS t0_r21, "projects"."mirror" AS t0_r22, "projects"."mirror_last_update_at" AS t0_r23, "projects"."mirror_last_successful_update_at" AS t0_r24, "projects"."mirror_user_id" AS t0_r25, "projects"."shared_runners_enabled" AS t0_r26, "projects"."runners_token" AS t0_r27, "projects"."build_coverage_regex" AS t0_r28, "projects"."build_allow_git_fetch" AS t0_r29, "projects"."build_timeout" AS t0_r30, "projects"."mirror_trigger_builds" AS t0_r31, "projects"."pending_delete" AS t0_r32, "projects"."public_builds" AS t0_r33, "projects"."last_repository_check_failed" AS t0_r34, "projects"."last_repository_check_at" AS t0_r35, "projects"."container_registry_enabled" AS t0_r36, "projects"."only_allow_merge_if_pipeline_succeeds" AS t0_r37, "projects"."has_external_issue_tracker" AS t0_r38, "projects"."repository_storage" AS t0_r39, "projects"."repository_read_only" AS t0_r40, "projects"."request_access_enabled" AS t0_r41, "projects"."has_external_wiki" AS t0_r42, "projects"."ci_config_path" AS t0_r43, "projects"."lfs_enabled" AS t0_r44, "projects"."description_html" AS t0_r45, "projects"."only_allow_merge_if_all_discussions_are_resolved" AS t0_r46, "projects"."repository_size_limit" AS t0_r47, "projects"."printing_merge_request_link_enabled" AS t0_r48, "projects"."auto_cancel_pending_pipelines" AS t0_r49, "projects"."service_desk_enabled" AS t0_r50, "projects"."cached_markdown_version" AS t0_r51, "projects"."delete_error" AS t0_r52, "projects"."last_repository_updated_at" AS t0_r53, "projects"."disable_overriding_approvers_per_merge_request" AS t0_r54, "projects"."storage_version" AS t0_r55, "projects"."resolve_outdated_diff_discussions" AS t0_r56, "projects"."remote_mirror_available_overridden" AS t0_r57, "projects"."only_mirror_protected_branches" AS t0_r58, "projects"."pull_mirror_available_overridden" AS t0_r59, "projects"."jobs_cache_index" AS t0_r60, "projects"."external_authorization_classification_label" AS t0_r61, "projects"."mirror_overwrites_diverged_branches" AS t0_r62, "projects"."pages_https_only" AS t0_r63, "projects"."external_webhook_token" AS t0_r64, "projects"."packages_enabled" AS t0_r65, "projects"."merge_requests_author_approval" AS t0_r66, "projects"."pool_repository_id" AS t0_r67, "projects"."runners_token_encrypted" AS t0_r68, "projects"."bfg_object_map" AS t0_r69, "projects"."detected_repository_languages" AS t0_r70, "projects"."merge_requests_disable_committers_approval" AS t0_r71, "projects"."require_password_to_approve" AS t0_r72, "projects"."emails_disabled" AS t0_r73, "projects"."max_pages_size" AS t0_r74, "projects"."max_artifacts_size" AS t0_r75, "projects"."pull_mirror_branch_prefix" AS t0_r76, "projects"."remove_source_branch_after_merge" AS t0_r77, "projects"."marked_for_deletion_at" AS t0_r78, "projects"."marked_for_deletion_by_user_id" AS t0_r79, "routes"."id" AS t1_r0, "routes"."source_id" AS t1_r1, "routes"."source_type" AS t1_r2, "routes"."path" AS t1_r3, "routes"."created_at" AS t1_r4, "routes"."updated_at" AS t1_r5, "routes"."name" AS t1_r6 FROM "projects" LEFT OUTER JOIN "routes" ON "routes"."source_id" = "projects"."id" AND "routes"."source_type" = $1 WHERE "routes"."path" = $2 LIMIT $3 [["source_type", "Project"], ["path", "h5bp/html5-boilerplate"], ["LIMIT", 1]]
↳ app/models/concerns/routable.rb:38
Processing by Projects::SnippetsController#new as HTML
Parameters: {"namespace_id"=>"h5bp", "project_id"=>"html5-boilerplate"}
User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2 [["id", 50], ["LIMIT", 1]]
↳ app/controllers/concerns/enforces_two_factor_authentication.rb:26
Identity Exists (0.2ms) SELECT 1 AS one FROM "identities" WHERE "identities"."user_id" = $1 AND (provider = 'ultraauth' AND extern_uid IS NOT NULL) LIMIT $2 [["user_id", 50], ["LIMIT", 1]]
↳ app/models/user.rb:991
UserPreference Load (0.2ms) SELECT "user_preferences".* FROM "user_preferences" WHERE "user_preferences"."user_id" = $1 LIMIT $2 [["user_id", 50], ["LIMIT", 1]]
↳ app/models/user.rb:1561
(0.2ms) SELECT "features"."key" FROM "features"
↳ lib/feature.rb:15
CACHE SQL (0.0ms) SELECT "projects"."id" AS t0_r0, "projects"."name" AS t0_r1, "projects"."path" AS t0_r2, "projects"."description" AS t0_r3, "projects"."created_at" AS t0_r4, "projects"."updated_at" AS t0_r5, "projects"."creator_id" AS t0_r6, "projects"."namespace_id" AS t0_r7, "projects"."last_activity_at" AS t0_r8, "projects"."import_url" AS t0_r9, "projects"."visibility_level" AS t0_r10, "projects"."archived" AS t0_r11, "projects"."avatar" AS t0_r12, "projects"."merge_requests_template" AS t0_r13, "projects"."star_count" AS t0_r14, "projects"."merge_requests_rebase_enabled" AS t0_r15, "projects"."import_type" AS t0_r16, "projects"."import_source" AS t0_r17, "projects"."approvals_before_merge" AS t0_r18, "projects"."reset_approvals_on_push" AS t0_r19, "projects"."merge_requests_ff_only_enabled" AS t0_r20, "projects"."issues_template" AS t0_r21, "projects"."mirror" AS t0_r22, "projects"."mirror_last_update_at" AS t0_r23, "projects"."mirror_last_successful_update_at" AS t0_r24, "projects"."mirror_user_id" AS t0_r25, "projects"."shared_runners_enabled" AS t0_r26, "projects"."runners_token" AS t0_r27, "projects"."build_coverage_regex" AS t0_r28, "projects"."build_allow_git_fetch" AS t0_r29, "projects"."build_timeout" AS t0_r30, "projects"."mirror_trigger_builds" AS t0_r31, "projects"."pending_delete" AS t0_r32, "projects"."public_builds" AS t0_r33, "projects"."last_repository_check_failed" AS t0_r34, "projects"."last_repository_check_at" AS t0_r35, "projects"."container_registry_enabled" AS t0_r36, "projects"."only_allow_merge_if_pipeline_succeeds" AS t0_r37, "projects"."has_external_issue_tracker" AS t0_r38, "projects"."repository_storage" AS t0_r39, "projects"."repository_read_only" AS t0_r40, "projects"."request_access_enabled" AS t0_r41, "projects"."has_external_wiki" AS t0_r42, "projects"."ci_config_path" AS t0_r43, "projects"."lfs_enabled" AS t0_r44, "projects"."description_html" AS t0_r45, "projects"."only_allow_merge_if_all_discussions_are_resolved" AS t0_r46, "projects"."repository_size_limit" AS t0_r47, "projects"."printing_merge_request_link_enabled" AS t0_r48, "projects"."auto_cancel_pending_pipelines" AS t0_r49, "projects"."service_desk_enabled" AS t0_r50, "projects"."cached_markdown_version" AS t0_r51, "projects"."delete_error" AS t0_r52, "projects"."last_repository_updated_at" AS t0_r53, "projects"."disable_overriding_approvers_per_merge_request" AS t0_r54, "projects"."storage_version" AS t0_r55, "projects"."resolve_outdated_diff_discussions" AS t0_r56, "projects"."remote_mirror_available_overridden" AS t0_r57, "projects"."only_mirror_protected_branches" AS t0_r58, "projects"."pull_mirror_available_overridden" AS t0_r59, "projects"."jobs_cache_index" AS t0_r60, "projects"."external_authorization_classification_label" AS t0_r61, "projects"."mirror_overwrites_diverged_branches" AS t0_r62, "projects"."pages_https_only" AS t0_r63, "projects"."external_webhook_token" AS t0_r64, "projects"."packages_enabled" AS t0_r65, "projects"."merge_requests_author_approval" AS t0_r66, "projects"."pool_repository_id" AS t0_r67, "projects"."runners_token_encrypted" AS t0_r68, "projects"."bfg_object_map" AS t0_r69, "projects"."detected_repository_languages" AS t0_r70, "projects"."merge_requests_disable_committers_approval" AS t0_r71, "projects"."require_password_to_approve" AS t0_r72, "projects"."emails_disabled" AS t0_r73, "projects"."max_pages_size" AS t0_r74, "projects"."max_artifacts_size" AS t0_r75, "projects"."pull_mirror_branch_prefix" AS t0_r76, "projects"."remove_source_branch_after_merge" AS t0_r77, "projects"."marked_for_deletion_at" AS t0_r78, "projects"."marked_for_deletion_by_user_id" AS t0_r79, "routes"."id" AS t1_r0, "routes"."source_id" AS t1_r1, "routes"."source_type" AS t1_r2, "routes"."path" AS t1_r3, "routes"."created_at" AS t1_r4, "routes"."updated_at" AS t1_r5, "routes"."name" AS t1_r6 FROM "projects" LEFT OUTER JOIN "routes" ON "routes"."source_id" = "projects"."id" AND "routes"."source_type" = $1 WHERE "routes"."path" = $2 LIMIT $3 [["source_type", "Project"], ["path", "h5bp/html5-boilerplate"], ["LIMIT", 1]]
↳ app/models/concerns/routable.rb:38
Group Load (0.4ms) SELECT "namespaces".* FROM "namespaces" WHERE "namespaces"."type" IN ('Group') AND "namespaces"."id" = $1 AND "namespaces"."type" = $2 LIMIT $3 [["id", 8], ["type", "Group"], ["LIMIT", 1]]
↳ ee/app/policies/ee/project_policy.rb:276
License Load (0.2ms) SELECT "licenses".* FROM "licenses" ORDER BY "licenses"."id" DESC LIMIT $1 [["LIMIT", 1]]
↳ ee/app/models/license.rb:259
Group Load (0.4ms) SELECT "namespaces".* FROM "namespaces" WHERE "namespaces"."type" IN ('Group') AND "namespaces"."id" = $1 AND "namespaces"."parent_id" IS NULL LIMIT $2 [["id", 8], ["LIMIT", 1]]
↳ app/models/namespace.rb:266
(0.3ms) SELECT MAX("project_authorizations"."access_level") AS maximum_access_level, "project_authorizations"."user_id" AS project_authorizations_user_id FROM "project_authorizations" WHERE "project_authorizations"."project_id" = $1 AND "project_authorizations"."user_id" = $2 GROUP BY "project_authorizations"."user_id" [["project_id", 8], ["user_id", 50]]
↳ app/models/project_team.rb:182
ProjectFeature Load (0.2ms) SELECT "project_features".* FROM "project_features" WHERE "project_features"."project_id" = $1 LIMIT $2 [["project_id", 8], ["LIMIT", 1]]
↳ app/models/project.rb:323
GroupMember Exists (0.7ms) SELECT 1 AS one FROM "members" LEFT OUTER JOIN "users" ON "members"."user_id" = "users"."id" WHERE "members"."type" IN ('GroupMember') AND "members"."source_type" = $1 AND "users"."state" = $2 AND "members"."requested_at" IS NULL AND "members"."source_id" = $3 AND (("members"."user_id" IS NULL AND "members"."invite_token" IS NOT NULL) OR "users"."state" = 'active') AND "members"."requested_at" IS NULL AND "members"."access_level" = $4 AND "members"."user_id" = $5 LIMIT $6 [["source_type", "Namespace"], ["state", "active"], ["source_id", 8], ["access_level", 50], ["user_id", 50], ["LIMIT", 1]]
↳ app/models/group.rb:259
Rendering errors/not_found.html.haml within layouts/errors
Rendered errors/_footer.html.haml (2.5ms)
Rendered errors/not_found.html.haml within layouts/errors (8.5ms)
Filter chain halted as :authorize_create_project_snippet! rendered or redirected
Completed 404 Not Found in 83ms (Views: 17.7ms | ActiveRecord: 2.9ms | Elasticsearch: 0.0ms)
Results of GitLab environment info
Expand for output related to GitLab environment info
System information System: Proxy: no Current User: alex Using RVM: no Ruby Version: 2.6.3p62 Gem Version: 3.0.3 Bundler Version:1.17.3 Rake Version: 12.3.3 Redis Version: 5.0.7 Git Version: 2.24.0 Sidekiq Version:5.2.7 Go Version: go1.13.4 darwin/amd64GitLab information Version: 12.6.0-pre Revision: a736426780e Directory: /Users/alex/code/gdk/gitlab DB Adapter: PostgreSQL DB Version: 10.11 URL: http://0.0.0.0:3000 HTTP Clone URL: http://0.0.0.0:3000/some-group/some-project.git SSH Clone URL: ssh://alex@localhost:2222/some-group/some-project.git Elasticsearch: no Geo: no Using LDAP: no Using Omniauth: yes Omniauth Providers:
GitLab Shell Version: 10.2.0 Repository storage paths:
- default: / GitLab Shell path: /Users/alex/code/gdk/gitlab-shell Git: /usr/local/bin/git
/cc @fjsanpedro