Mattermost, Inc.

403 Error When Creating New Webhook

For feature requests, please see: http://www.mattermost.org/feature-requests/.

For troubleshooting questions, please post in the following format:

Summary

Hey. When trying to create a new webhook, I get an error message in the bottom left hand corner of the page that states: “You do not have the appropriate permissions”. According to the Mattermost logs, the following error is generated when clicking on the Save button:

“{“level”:“error”,“ts”:1574846356.7781525,“caller”:“mlog/log.go:174”,“msg”:“You do not have the appropriate permissions”,“path”:”/api/v4/hooks/incoming",“request_id”:“4ryofy6z3byb9cktqrkkbhsy8y”,“ip_addr”:“REMOVED”,“user_id”:“REMOVED”,“method”:“POST”,“err_where”:“Permissions”,“http_code”:403,“err_details”:“userId=REMOVED, permission=manage_incoming_webhooks”}"

Steps to reproduce

Go to “integrations/incoming_webhooks/add” and try to add a new webhook.

Expected behavior

Creating a new webhook.

Observed behavior

“You do not have the appropriate permissions”

The Mattermost installation is on version: 5.16.2

Many thanks,

Hello, @izacizac

I just tried to reproduce it on my end on the same version 5.16.2 but did not run into the same issue when creating an incoming webhook using a System Administrator account.

{"level":"debug","ts":1574879571.5091808,"caller":"web/handlers.go:60","msg":"request:","method":"POST","url":"/api/v4/channels/members/me/view"}
{"level":"debug","ts":1574879571.5175264,"caller":"web/handlers.go:60","msg":"request:","method":"GET","url":"/api/v4/users/me/teams/a6z45fudijr69n8686wast3bse/channels"}
{"level":"debug","ts":1574879571.5223076,"caller":"web/handlers.go:60","msg":"request:","method":"GET","url":"/api/v4/users/me/teams/a6z45fudijr69n8686wast3bse/channels/members"}
{"level":"debug","ts":1574879584.589997,"caller":"web/handlers.go:60","msg":"request:","method":"POST","url":"/api/v4/hooks/incoming"}
{"level":"debug","ts":1574879585.8925292,"caller":"web/handlers.go:60","msg":"request:","method":"POST","url":"/api/v4/channels/members/me/view"}
...
{"level":"debug","ts":1574879589.670335,"caller":"web/handlers.go:60","msg":"request:","method":"POST","url":"/api/v4/channels/members/me/view"}
{"level":"debug","ts":1574879591.2682254,"caller":"web/handlers.go:60","msg":"request:","method":"GET","url":"/api/v4/hooks/incoming"}
{"level":"debug","ts":1574879591.871824,"caller":"web/handlers.go:60","msg":"request:","method":"POST","url":"/api/v4/channels/members/me/view"}

May I know if your Mattermost instance implements any restrictions to webhook management based on the Restrict managing webhooks and slash commands documentation?

Hi @ahmaddanial

I think it probably does. I have only recently discovered that there is meant to be an admin console that I should have access to, to grant these permissions. Unfortunately as I have inherited the Linux server that hosts the GitLab and Mattermost instance, I am piecing together how it works. I have no idea how the Mattermost instance was installed/configured.

I’ve tried the following command on the Linux server to grant my user the system_admin role:

cd /opt/gitlab/embedded/bin/

./mattermost roles system_admin izac

But in return I am greeted with the following error:

panic: Unable to find i18n directory

Which lead me down a rabbit hole of trying to work out why this error occurs - but I have been unable to resolve it.

Do you have any idea why this error occurs?

Many thanks

I see the same error message when using the mattermost console.

Hi, @izacizac

The first entry that I received after I ran the command was the fact that the system was loading the translation from the /opt/mattermost/i18n/en.json directory:

ahmaddanial@mattermost:/opt/mattermost/bin$ ./mattermost roles system_admin danny.mohammad
{"level":"info","ts":1576641661.2940016,"caller":"utils/i18n.go:83","msg":"Loaded system translations","for locale":"en","from locale":"/opt/mattermost/i18n/en.json"}
ahmaddanial@mattermost:~$ ls -lAh /opt/mattermost/i18n/en.json
-rw-rw-r-- 1 mattermost mattermost 247K Nov 25 17:42 /opt/mattermost/i18n/en.json

As I am not entirely certain how the deployment was done on your end, can we try to look for the file if it exists (assuming that the installation was done through the steps in GitLab Mattermost documentation?

sudo find /opt/gitlab/ -name "en.json"

May I also know if you have access to the database hosting Mattermost? If you do, can you run the following command so we can verify users who have the System Administrator permission?

SELECT * FROM Users WHERE Roles LIKE "%system_admin%";

Hello, @Paebbels

Can you please confirm if the account that you are using to create the webhook has the right system_admin permission?

Also, do share the configuration of you System Console > Integration Management screen shot too:

Mattermost is part of my GitLab instance installed from a *.deb package (Omnibus installation).

I needed to cd into the mattermost directory and run the mattermost console, which is stored somewhere else, so mattermost can find the i18n files.

This paragraph in the Mattermost help pages explained it: https://docs.mattermost.com/administration/command-line-tools.html#using-the-cli-on-gitlab-omnibus

cd /opt/gitlab/embedded/service/mattermost
sudo -u mattermost /opt/gitlab/embedded/bin/mattermost --config=/var/opt/gitlab/mattermost/config.json version