Unable to edit other's shift swaps #5389

Open
prppedro opened this issue Dec 30, 2024 · 1 comment

prppedro commented Dec 30, 2024

What went wrong?

What happened:

  • A team-mate opened a shift swap request which I accepted;
  • Turns out this swap was scheduled to end at the world's ending;
  • I tried to change the dates, but the UI greys them out;
  • It also greys out the «Delete» button;
  • Tried via API, got empty response when listing shift swaps, as well as a «Not Found» when trying to get the details for the particular shift swap;
  • Using the API used by the UI gets me {"detail":"You do not have permission to perform this action."} when I try to use DELETE on the shift swap ID.

What did you expect to happen:

  • As an admin, I expected to be able to change the swap or at least remove it.

How do we reproduce it?

  1. Ask a teammate to open a shift swap request;
  2. Try to edit or delete it;
  3. ????
  4. Realize you can't.
  5. In fact, realize you can't even change the dates on your own shift swap requests, only delete them.

Grafana OnCall Version

1.17.1

Product Area

Schedules

Grafana OnCall Platform?

I use Grafana Cloud

User's Browser?

No response

Anything else to add?

My user comes from Okta, but has full administrative permissions over the entire deployment. I'm able to create and delete schedules and I can even change their on-call profiles. Shift swaps is literally the only thing I don't have permission to edit.

prppedro added the "bug" (Something isn't working) label Dec 30, 2024

prppedro commented Jan 6, 2025

I was able to remove it using the following API call:

 curl "https://oncall-prod-us-central-0.grafana.net/oncall/api/v1/shift_swaps/<SHIFT_SWAP_ID>/?starting_after=2024-02-03T00:00:00Z" \
   --request DELETE \
   --header "Authorization: <REDACTED>" \
   --header "Content-Type: application/json"

For some unbeknownst reason, I had to include the starting_after parameter, otherwise I'd get the infamous Not Found from the API, of course. This token is the one generated at On Call settings, not a Grafana service account (love the fact that the OnCall API authenticates in a completely different way in relation to the Grafana API.)

I didn't want to delete it, initially, since I like to keep records on shift swaps, but I wasn't allowed to set an end_date that wasn't in the future. And even though I could've set it to end tomorrow, the API forced me — for, again, reasons — to set the start_date. Guess what? It also didn't accept dates in the future. Then I got fed up and deleted it.

It'd be very helpful if we had an HTTP PATCH implementation to allow for partial updates, aiming to fix this kind of mishap.

Also, what's with the UI? Why can I create an authorization token that allows me to delete a shift swap but can't use the bloody UI to do the same thing? This makes zero sense.

Developers, please...
