I created a new instance with this compose file:
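# Compose file from the post with its nesting restored; the paste had lost all
# indentation and would not parse as written. Service settings are as posted.
# NOTE(review): the thread calls this a "docker stack". `docker stack deploy`
# ignores container_name, restart and depends_on, and it is the mode in which
# the Traefik labels under deploy.labels take effect.
version: '3.5'

services:
  server:
    container_name: crm1
    image: cortezaproject/corteza-server:2021.3
    restart: always
    volumes:
      - site-data:/data
    environment:
      DOMAIN: ${DOMAIN}
      # The DSN embeds the database credentials; they must match MYSQL_USER,
      # MYSQL_PASSWORD and MYSQL_DATABASE on the db service below.
      DB_DSN: dbuser:dbpass@tcp(db:3306)/dbname?collation=utf8mb4_general_ci
      # LOG_DEBUG: "true"
      # LOG_LEVEL: "DEBUG"
      HTTP_WEBAPP_ENABLED: "true"
      # NOTE(review): this value signs the server's auth tokens, so `secret`
      # (presumably a placeholder in the post) must not reach a real
      # deployment. Use a long random value supplied through the environment
      # or a secret store, the same way DOMAIN is supplied.
      AUTH_JWT_SECRET: secret
      LETSENCRYPT_HOST: "test"
    depends_on: [db]
    networks:
      - crmnet
      - traefik-public
    deploy:
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik-public
        - traefik.constraint-label=traefik-public
        # Plain-HTTP router: only there to hand requests to the redirect
        # middleware. `https-redirect` is not defined in this file; presumably
        # it is declared on the Traefik stack -- confirm it exists, otherwise
        # the redirect to HTTPS will not happen.
        - traefik.http.routers.crm-app.entrypoints=http
        - 'traefik.http.routers.crm-app.rule=Host(`${DOMAIN}`,`www.${DOMAIN}`)'  # Enter your domain here
        - traefik.http.routers.crm-app.middlewares=https-redirect
        # HTTPS router: TLS certificate comes from the `le` resolver, which is
        # also expected to be configured on the Traefik side.
        - traefik.http.routers.crm-app-secure.entrypoints=https
        - 'traefik.http.routers.crm-app-secure.rule=Host(`${DOMAIN}`,`www.${DOMAIN}`)'  # Enter your domain here
        - traefik.http.routers.crm-app-secure.tls=true
        - traefik.http.routers.crm-app-secure.tls.certresolver=le
        - traefik.http.routers.crm-app-secure.service=crm1
        - traefik.http.services.crm1.loadbalancer.server.port=80

  db:
    image: percona:8.0
    volumes:
      - db-data:/var/lib/mysql
    environment:
      # NOTE(review): the database passwords are written in clear text in the
      # compose file. Keep them out of version control and out of public
      # posts; rotate any real value that was shared this way.
      MYSQL_ROOT_PASSWORD: crmpass
      MYSQL_DATABASE: dbname
      MYSQL_USER: dbuser
      MYSQL_PASSWORD: dbpass
    restart: always
    # Attached to crmnet only, so the database is not on the network shared
    # with the reverse proxy, and no ports are published.
    networks:
      - crmnet
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
      timeout: 20s
      retries: 10

networks:
  # Created outside this file and shared with the Traefik proxy.
  traefik-public:
    external: true
  # Private network between the server and its database.
  crmnet: {}

volumes:
  # Named volumes survive a redeploy; old database contents persist until the
  # volumes themselves are removed.
  db-data: {}
  site-data: {}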
After creating the first account, which has the admin role, there is no settings page or any of the other pages that should be present in the admin interface for admins.
I also can't change any settings on any of the system pages.
Here is the SQL dump, in case it helps:
mysql> SELECT * from roles;
+--------------------+----------------+------------+-------------+---------------------+------------+------------+
| id | name | handle | archived_at | created_at | updated_at | deleted_at |
+--------------------+----------------+------------+-------------+---------------------+------------+------------+
| 1 | Everyone | everyone | NULL | 2021-09-13 10:57:03 | NULL | NULL |
| 2 | Administrators | admins | NULL | 2021-09-13 10:57:03 | NULL | NULL |
| 248809172957731075 | Federation | federation | NULL | 2021-09-13 10:57:04 | NULL | NULL |
| 248809173091883267 | Developers | developers | NULL | 2021-09-13 10:57:04 | NULL | NULL |
+--------------------+----------------+------------+-------------+---------------------+------------+------------+
4 rows in set (0.00 sec)
mysql> SELECT * from rbac_rules;
+--------------------+--------------------------------------+--------------------+--------+
| rel_role | resource | operation | access |
+--------------------+--------------------------------------+--------------------+--------+
| 1 | compose | access | 1 |
| 1 | compose:chart:* | read | 1 |
| 1 | compose:module:* | read | 1 |
| 1 | compose:namespace:* | read | 1 |
| 1 | compose:namespace:248809173125634307 | delete | 0 |
| 1 | compose:namespace:248809173125634307 | module.create | 1 |
| 1 | compose:namespace:248809173125634307 | read | 1 |
| 1 | compose:page:* | read | 1 |
| 1 | system:application:* | read | 1 |
| 1 | system:auth-client:* | authorize | 1 |
| 1 | system:role:* | read | 1 |
| 1 | system:template:* | render | 1 |
| 1 | system:user:* | read | 1 |
| 1 | system:user:* | unmask.email | 1 |
| 1 | system:user:* | unmask.name | 1 |
| 2 | automation | access | 1 |
| 2 | automation | grant | 1 |
| 2 | automation | sessions.search | 1 |
| 2 | automation | triggers.search | 1 |
| 2 | automation | workflow.create | 1 |
| 2 | automation:workflow:* | delete | 1 |
| 2 | automation:workflow:* | execute | 1 |
| 2 | automation:workflow:* | read | 1 |
| 2 | automation:workflow:* | sessions.manage | 1 |
| 2 | automation:workflow:* | triggers.manage | 1 |
| 2 | automation:workflow:* | update | 1 |
| 2 | compose | access | 1 |
| 2 | compose | grant | 1 |
| 2 | compose | namespace.create | 1 |
| 2 | compose | settings.manage | 1 |
| 2 | compose | settings.read | 1 |
| 2 | compose:chart:* | delete | 1 |
| 2 | compose:chart:* | read | 1 |
| 2 | compose:chart:* | update | 1 |
| 2 | compose:module:* | delete | 1 |
| 2 | compose:module:* | read | 1 |
| 2 | compose:module:* | record.create | 1 |
| 2 | compose:module:* | record.delete | 1 |
| 2 | compose:module:* | record.read | 1 |
| 2 | compose:module:* | record.update | 1 |
| 2 | compose:module:* | update | 1 |
| 2 | compose:namespace:* | chart.create | 1 |
| 2 | compose:namespace:* | delete | 1 |
| 2 | compose:namespace:* | manage | 1 |
| 2 | compose:namespace:* | module.create | 1 |
| 2 | compose:namespace:* | page.create | 1 |
| 2 | compose:namespace:* | read | 1 |
| 2 | compose:namespace:* | update | 1 |
| 2 | compose:page:* | delete | 1 |
| 2 | compose:page:* | read | 1 |
| 2 | compose:page:* | update | 1 |
| 2 | federation | access | 1 |
| 2 | federation | grant | 1 |
| 2 | federation | node.create | 1 |
| 2 | federation | pair | 1 |
| 2 | federation | settings.manage | 1 |
| 2 | federation | settings.read | 1 |
| 2 | federation:module:* | manage | 1 |
| 2 | federation:module:* | map | 1 |
| 2 | federation:node:* | manage | 1 |
| 2 | federation:node:* | module.create | 1 |
| 2 | system | access | 1 |
| 2 | system | application.create | 1 |
| 2 | system | authClient.create | 1 |
| 2 | system | grant | 1 |
| 2 | system | reminder.assign | 1 |
| 2 | system | role.create | 1 |
| 2 | system | settings.manage | 1 |
| 2 | system | settings.read | 1 |
| 2 | system | template.create | 1 |
| 2 | system | user.create | 1 |
| 2 | system:application:* | delete | 1 |
| 2 | system:application:* | read | 1 |
| 2 | system:application:* | update | 1 |
| 2 | system:auth-client:* | delete | 1 |
| 2 | system:auth-client:* | read | 1 |
| 2 | system:auth-client:* | update | 1 |
| 2 | system:role:* | delete | 1 |
| 2 | system:role:* | members.manage | 1 |
| 2 | system:role:* | read | 1 |
| 2 | system:role:* | update | 1 |
| 2 | system:template:* | delete | 1 |
| 2 | system:template:* | read | 1 |
| 2 | system:template:* | render | 1 |
| 2 | system:template:* | update | 1 |
| 2 | system:user:* | delete | 1 |
| 2 | system:user:* | read | 1 |
| 2 | system:user:* | suspend | 1 |
| 2 | system:user:* | unmask.email | 1 |
| 2 | system:user:* | unmask.name | 1 |
| 2 | system:user:* | unsuspend | 1 |
| 2 | system:user:* | update | 1 |
| 248809172957731075 | federation | access | 1 |
| 248809172957731075 | federation | grant | 1 |
| 248809172957731075 | federation | node.create | 1 |
| 248809172957731075 | federation | pair | 1 |
| 248809172957731075 | federation | settings.manage | 1 |
| 248809172957731075 | federation | settings.read | 1 |
| 248809172957731075 | federation:module:* | manage | 1 |
| 248809172957731075 | federation:module:* | map | 1 |
| 248809172957731075 | federation:node:* | manage | 1 |
| 248809172957731075 | federation:node:* | module.create | 1 |
| 248809173091883267 | automation | access | 1 |
| 248809173091883267 | automation | grant | 1 |
| 248809173091883267 | automation | sessions.search | 1 |
| 248809173091883267 | automation | triggers.search | 1 |
| 248809173091883267 | automation | workflow.create | 1 |
| 248809173091883267 | automation:workflow:* | delete | 1 |
| 248809173091883267 | automation:workflow:* | execute | 1 |
| 248809173091883267 | automation:workflow:* | read | 1 |
| 248809173091883267 | automation:workflow:* | sessions.manage | 1 |
| 248809173091883267 | automation:workflow:* | triggers.manage | 1 |
| 248809173091883267 | automation:workflow:* | update | 1 |
+--------------------+--------------------------------------+--------------------+--------+
113 rows in set (0.00 sec)
mysql> SELECT * from role_members;
+----------+--------------------+
| rel_role | rel_user |
+----------+--------------------+
| 2 | 248809290381400323 |
+----------+--------------------+
1 row in set (0.00 sec)
mysql> SELECT * from users;
+--------------------+----------------------------------+-----------------+----------+---------------+--------+------+---------------------------------------------------------------------------------+--------------+---------------------+---------------------+------------+
| id | email | email_confirmed | username | name | handle | kind | meta | suspended_at | created_at | updated_at | deleted_at |
+--------------------+----------------------------------+-----------------+----------+---------------+--------+------+---------------------------------------------------------------------------------+--------------+---------------------+---------------------+------------+
| 248809290381400323 | redacted | 1 | | redacted | bg | | {"securityPolicy": {"mfa": {"enforcedTOTP": false, "enforcedEmailOTP": false}}} | NULL | 2021-09-13 10:58:14 | 2021-09-13 10:58:21 | NULL |
| 248811479153776903 | redacted | 1 | | test | test | | null | NULL | 2021-09-13 11:19:58 | NULL | NULL |
+--------------------+----------------------------------+-----------------+----------+---------------+--------+------+---------------------------------------------------------------------------------+--------------+---------------------+---------------------+------------+
2 rows in set (0.00 sec)
Also, after creating a non-admin account, it seems that with the admin role I have exactly the same rights as without it.
darh
September 13, 2021, 3:33pm
#3
This does not make any sense.
Were there any errors during provisioning (the first run of Corteza)?
Does the situation improve if you restart the server?
On restart, all RBAC rules are refetched. This should happen at an interval anyway.
OK, I think I fixed it. I don't know what the actual error was, but I wiped the Docker stack and made a new one with a different name. There must have been something hanging around in the old stack when I redeployed it. I deleted both volumes, and hence all persisted data, and that might not have been enough; I don't know why, on the deploy where the error came