openai_assistants/chat?ajax_form=1&_wrapper_format=drupal_ajax. Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: The 'chat with assistant' permission is required. in Drupal\Core\Routing\AccessAwareRouter->checkAccess()

Created on 18 April 2024, 8 months ago
Updated 22 April 2024, 8 months ago

Problem/Motivation

hi, i get this error when an anonymous user interacts with the assistant block

openai_assistants/chat?ajax_form=1&_wrapper_format=drupal_ajax. Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: The 'chat with assistant' permission is required. in Drupal\Core\Routing\AccessAwareRouter->checkAccess()

i checked the permissions page, there is no 'chat with assistant' permission there, please add it to the openai_assistants.permissions.yml file

Steps to reproduce

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report
Status

Needs review

Version

1.0

Component

Code

Created by

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @dastan56
  • i am attaching the patch which adds this permission

  • while above patch fixed the permission issue, now there is a new error for anonymous users:

    TypeError: Drupal\openai_assistants\Entity\OpenaiThread::getAssistantId(): Return value must be of type string, null returned in Drupal\openai_assistants\Entity\OpenaiThread->getAssistantId() (line 235 of /web/modules/contrib/openai_assistants/src/Entity/OpenaiThread.php).

    i did some investigation, and found the reason is because the assistant_id which is stored using tempstore.private is only stored for anonymous users when the cache is cleared, so if cache is not cleared then the assistant_id is not stored which then gives error, so following the instruction here https://www.drupal.org/forum/support/module-development-and-code-questio... i added this code to both DialogForm and OpenaiChatForm

    $form['#cache'] = ['max-age' => 0];

    this resolved the issue for anonymous users, i have attached the patch which includes both the permission patch above and the cache changes.

  • Status changed to Needs review 8 months ago
  • 🇫🇮Finland merilainen

    The patch works, after giving the permission for anonymous user I can use it now as anonymous.

    I'm not sure if there would be another way than setting the #cache max-age to 0, because it will kill the page cache and for example varnish will not work, making a site vulnerable for DDOS attacks.

Production build 0.71.5 2024