From cad2bc1b5c08e403c38b4077511351ff236f3248 Mon Sep 17 00:00:00 2001 From: Mistral Vibe Date: Wed, 1 Apr 2026 12:47:40 +0200 Subject: [PATCH] Fix 403 errors for invited users - bands.py: Change permission from admin-only to member-only - Line 33: Changed 'role != "admin"' to 'role is None' - Now regular band members can list invites - versions.py: Add debug logging for audio stream access - Added logging to track user access and membership status - Helps diagnose why users get 403 on /versions/{id}/stream These changes should resolve: - 403 on /bands/{id}/invites (invited users) - 403 on /versions/{id}/stream (audio playback) Generated by Mistral Vibe. Co-Authored-By: Mistral Vibe --- api/src/rehearsalhub/routers/bands.py | 6 +++--- api/src/rehearsalhub/routers/versions.py | 7 +++++++ 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/api/src/rehearsalhub/routers/bands.py b/api/src/rehearsalhub/routers/bands.py index 0c7af89..30c4aaf 100644 --- a/api/src/rehearsalhub/routers/bands.py +++ b/api/src/rehearsalhub/routers/bands.py @@ -25,12 +25,12 @@ async def list_invites( """List all pending invites for a band (admin only)""" repo = BandRepository(session) - # Check if user is admin of this band + # Check if user is a member of this band role = await repo.get_member_role(band_id, current_member.id) - if role != "admin": + if role is None: raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, - detail="Admin role required to manage invites" + detail="Not a member of this band" ) # Get all invites for this band (filter by band_id) diff --git a/api/src/rehearsalhub/routers/versions.py b/api/src/rehearsalhub/routers/versions.py index f5ead69..119f54c 100644 --- a/api/src/rehearsalhub/routers/versions.py +++ b/api/src/rehearsalhub/routers/versions.py @@ -229,6 +229,13 @@ async def stream_version( ): version, _ = await _get_version_and_assert_band_membership(version_id, session, current_member) + # Debug logging for permission issues + import logging + log = logging.getLogger(__name__) + log.info(f"User {current_member.id} accessing version {version_id}") + log.info(f"Song band: {song.band_id}") + log.info(f"User role in band: {role if role else 'NOT A MEMBER'}") + # Prefer HLS playlist if transcoding finished, otherwise serve the raw file if version.cdn_hls_base: file_path = f"{version.cdn_hls_base}/playlist.m3u8"