Orocrm 仪表板显示“您无权执行此操作".错误 [英] Orocrm dashboard displays a "You do not have permission to perform this action." error

问题描述

好的，这是一个全新的 Orocrm 安装，我有以下错误:

Ok, this is a fresh Orocrm install and i have the following errors:

当我在网络日志中挖掘一点时，这就是我发现的:

When i dug a little in the network logs, this is what i found :

我不知道它是否相关，但是当我按照 WebSocket 连接配置 页面在 orocrm 文档中可用.

I don't know if its related, but these errors have started to show up when i enabled SSL support following all the instructions of the WebSocket Connection Configuration page available in the orocrm doc.

这是我的nginx配置文件的内容:

server {
        listen 80;
        listen [::]:80;
        server_name crm.domain.tld;
        return 301 https://$host$request_uri;
}

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        server_name crm.domain.tld;
        root /home/whatever/crm/public;

        ssl_certificate /etc/letsencrypt/live/crm.domain.tld/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/crm.domain.tld/privkey.pem;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        include /etc/letsencrypt/options-ssl-nginx.conf;
        # ssl_protocols TLSv1.2;
        # ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES2;

        location / {
                try_files $uri /index.php$is_args$args;
        }

        location ~ ^/index\.php(/|$) {
                fastcgi_pass unix:/run/php/crm-php7.4-fpm.sock;
                fastcgi_split_path_info ^(.+\.php)(/.*)$;

                include fastcgi_params;

                fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                fastcgi_param DOCUMENT_ROOT $realpath_root;

                internal;
        }

        location ~ \.php {
                return 404;
        }

        location /ws {
                # redirect all traffic to localhost:8080;
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-NginX-Proxy true;
                proxy_set_header X-Forwarded-Proto $scheme;

                proxy_pass http://127.0.0.1:8080/$is_args$args;
                proxy_redirect off;
                proxy_read_timeout 86400;

                # enables WS support
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";

                # prevents 502 bad gateway error
                proxy_buffers 8 32k;
                proxy_buffer_size 64k;

                reset_timedout_connection on;

                error_log /home/whatever/logs/oro_wss_error.log;
                access_log /home/whatever/logs/oro_wss_access.log;
        }

        error_log /home/whatever/logs/error.log;
        access_log /home/whatever/logs/access.log;
}

这是我的parameters.yml的内容:

parameters:
    database_driver: pdo_mysql
    database_host: '%env(ORO_DB_HOST)%'
    database_port: '%env(ORO_DB_PORT)%'
    database_name: '%env(ORO_DB_NAME)%'
    database_user: '%env(ORO_DB_USER)%'
    database_password: '%env(ORO_DB_PASSWORD)%'
    database_server_version: '%env(ORO_DB_VERSION)%'
    database_driver_options: {  }

    mailer_transport: '%env(ORO_MAILER_DRIVER)%'
    mailer_host: '%env(ORO_MAILER_HOST)%'
    mailer_port: '%env(ORO_MAILER_PORT)%'
    mailer_encryption: '%env(ORO_MAILER_ENCRYPTION)%'
    mailer_user: '%env(ORO_MAILER_USER)%'
    mailer_password: '%env(ORO_MAILER_PASSWORD)%'

    websocket_bind_address: 0.0.0.0
    websocket_bind_port: 8080
    websocket_frontend_host: '*'
    websocket_frontend_port: 443
    websocket_frontend_path: 'ws'
    websocket_backend_host: '*'
    websocket_backend_port: 443
    websocket_backend_path: 'ws'
    websocket_backend_transport: 'ssl'
    websocket_backend_ssl_context_options: {  }

    web_backend_prefix: ''
    session_handler: session.handler.native_file
    secret: '%env(ORO_SECRET)%'
    installed: '*******************'
    assets_version: *******************
    assets_version_strategy: time_hash
    message_queue_transport: dbal
    message_queue_transport_config: null
    deployment_type: null
    liip_imagine.jpegoptim.binary: null
    liip_imagine.pngquant.binary: null

    env(ORO_DB_HOST): localhost
    env(ORO_DB_PORT): null
    env(ORO_DB_NAME): *******************
    env(ORO_DB_USER): *******************
    env(ORO_DB_PASSWORD): *******************
    env(ORO_DB_VERSION): null
    env(ORO_MAILER_DRIVER): smtp
    env(ORO_MAILER_HOST): 127.0.0.1
    env(ORO_MAILER_PORT): null
    env(ORO_MAILER_ENCRYPTION): null
    env(ORO_MAILER_USER): null
    env(ORO_MAILER_PASSWORD): null
    env(ORO_SECRET): *******************

这是我的主管配置文件的内容:

***

[program:oro_web_socket]
command=php ./bin/console gos:websocket:server --env=prod
numprocs=1
autostart=true
autorestart=true
directory=/home/whatever/crm
user=whatever
redirect_stderr=true

[program:oro_message_consumer]
command=php ./bin/console oro:message-queue:consume --env=prod
process_name=%(program_name)s_%(process_num)02d
numprocs=5
autostart=true
autorestart=true
directory=/home/whatever/crm
user=whatever
redirect_stderr=true

var/logs/prod.log 不使用 tail -f prod.log 输入任何内容.

var/logs/prod.log doesn't input anything with tail -f prod.log.

WSS 日志为空.

它也可能相关，但是在 Orocrm 选项中启用 api 沙箱后我陷入了循环 每隔一秒左右将我重定向到 Orocrm 的仪表板.我设法通过在正确的时间点击浏览器的停止加载按钮以某种方式修复它.禁用该选项后，不再进行循环重定向.

It might be related too, but after enabling the api sandbox in the Orocrm options i was stuck in a loop redirecting me every secs or so to the dashboard of Orocrm. I managed to somehow fix it by hitting the stop loading button of my browser at the right time. Once the option was disabled, no more loop redirection.

有什么线索吗?我的想法快用完了.

Any clues ? I'm running out of ideas.

推荐答案

它确实与 SSL 相关，从 不安全 迁移到 SSL 是具有更深层根源的潜在问题的征兆.

Its indeed tied to SSL, Moving from unsafe to SSL was a symptom of an underlying problem with deeper roots.

当我开始安装 Orocrm 时，我没有 SSL 证书.我打开浏览器并开始配置它.当我完成 Orocrm 的配置后，我不得不更改密码，因为我使用的是临时密码，但在此之前我必须安装 SSL 证书.

When i started the installation of Orocrm i had no SSL certificate. I opened my browser and started configuring it up. When i was done configuring Orocrm i had to change the password since i was using a temporary password but before that i had to install the SSL certificate.

我已经开始使用 Letsencrypt 工具安装 SSL 证书.完成后，我将 Orocrm 设置为支持 SSL，然后我再次重新打开 orocrm，结果开始出错.

I've started to install the SSL certificate with Letsencrypt tool. Once i was done with it i've set up Orocrm to support SSL, then i re-opened orocrm again and things started to go wrong.

从不安全转移到SSL后不清除cookie.

Not clearing the cookies after moving from unsafe to SSL.

我不确定如何深入工作，但这可能是因为我的浏览器中有一个已经可用的 _csrf cookie，https-_csrf cookie 可能由于某处的条件而存在.

I'm not sure how are working things deep-down, but its probably because there was a an already avaiable _csrf cookie in my browser, it was not possible for the https-_csrf cookie to exist probably due to a condition somewhere.

现在您可能已经猜到了，它非常简单.要修复错误消息，您只需删除 _csrf cookie，然后刷新页面.它将被 https-_csrf cookie 代替.

Well you probably guessed it by now, its very simple. To fix the error messages you simply need to remove the _csrf cookie, and refresh the page. It will be replaced by a https-_csrf cookie instead.

这篇关于Orocrm 仪表板显示“您无权执行此操作".错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！