Description
Describe the bug
When creating a new room in the room booking module of a fresh and completely empty Indico instance, I can't create a room as I am unable to assign a user as the room owner. The user search fails with
Access Denied
No search token. This is a bug, please report it.
To Reproduce
Steps to reproduce the behavior:
- Create a fresh and completely empty Indico instance (v3.3.7) with the room booking module enabled
- Log in as a site admin user, go to the room booking module
- Create a new location, then try to create a new room for this location
- User search fails, which prohibits filling out the form
Expected behavior
User search should not fail for instance admins.
Additional context
I have found the (quite likely) responsible code and the comment explaining this behavior at
indico/indico/modules/rb/controllers/backend/misc.py
Lines 77 to 88 in bea25d1
```python
# we assume room booking users are always a restricted/trusted audience who should be
# able to search for users. hence, we give them a search token straight away instead of
# linking it to an explicit access check to a room.
# the only exception here is that if there are no rooms, then we don't issue a token to
# avoid giving users an easy way to get a token in case of a poorly configured indico
# instance that has room booking enabled but never configured (and thus likely neither
# any rooms nor an ACL on who can access the module)
data['search_token'] = (
    make_user_search_token()
    if Room.query.filter(~Room.is_deleted).has_rows()
    else None
)
```
I believe the logic should be slightly amended such that a token is created for site admins regardless of whether there are rooms or not. Alternatively, if this is the intended behavior, explicit documentation for creating a first room should be added.
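A simplified model of the token gate discussed in this report, added here as an illustration and not taken from Indico's code base: it contrasts the quoted "no rooms, no token" rule with the amendment proposed above. The `User` class, the function names, the HMAC token format, the key and the lifetime are all assumptions made for this example.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass

SECRET = b"constructed-demo-key"  # assumption: stand-in for a server-side secret
TOKEN_TTL = 3600                  # assumption: token lifetime in seconds


@dataclass
class User:  # hypothetical minimal user model
    id: int
    is_admin: bool = False


def sign_token(user_id, now=None):
    """Hypothetical token format: '<user_id>.<expiry>.<hmac-sha256 hex>'."""
    expiry = int(now if now is not None else time.time()) + TOKEN_TTL
    payload = f"{user_id}.{expiry}"
    mac = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{mac}"


def verify_token(token, user_id, now=None):
    """Search-side check: reject missing, malformed, forged, foreign or expired tokens."""
    if not token:
        return False  # corresponds to the "No search token" failure in the report
    try:
        uid, expiry, mac = token.split(".")
        expiry = int(expiry)
    except ValueError:
        return False
    expected = hmac.new(SECRET, f"{uid}.{expiry}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False
    return uid == str(user_id) and expiry > (now if now is not None else time.time())


def token_current(user, active_rooms):
    """Rule quoted above: with zero non-deleted rooms nobody gets a token."""
    return sign_token(user.id) if active_rooms > 0 else None


def token_amended(user, active_rooms):
    """Proposed amendment: site admins get a token even with zero rooms."""
    return sign_token(user.id) if active_rooms > 0 or user.is_admin else None
```

With zero rooms, `token_amended` still returns `None` for a non-admin, so the protection for an unconfigured instance that the code comment describes is kept.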