API tokens requests returns 401 Unauthorized for user operations /api/v1/user/... #399

Open
alvarolm opened this issue Jan 31, 2025 · 1 comment

Comments

alvarolm commented Jan 31, 2025

Description

There is no issue with the JWT token generated on authentication, but using an API token with all the permissions granted results in 401 responses no matter what for requests to the endpoint /api/v1/user/...

I have tried with the same token for https://try.vikunja.io/api/v1/docs#tag/labels/paths/~1labels/get and it works as expected.

token permissions granted:

filters: create, delete, read one, update
labels: create, delete, read all, read one, update
migration: ticktick migrate, ticktick status, vikunja-file migrate, vikunja-file status
notifications: read all, update
other: notifications, routes, users
projects: background, background delete, backgrounds upload, create, delete, projectusers, read all, read one, update
projectsDuplicate: create
projectsShares: create, delete, read all, read one
projectsTeams: create, delete, read all, update
projectsUsers: create, delete, read all, update
projectsViews: create, delete, read all, read one, update
projectsViewsBuckets: create, delete, read all, update
projectsViewsBucketsTasks: update
projectsViewsTasks: read all
projectsWebhooks: create, delete, read all, update
reactions: create, read all
reactionsDelete: delete
tasks: create, delete, read all, read one, update, update bulk
tasksAssignees: create, create bulk, delete, read all
tasksAttachments: create, delete, read all, read one
tasksComments: create, delete, read all, read one, update
tasksLabels: create, create bulk, delete, read all
tasksPosition: update
tasksRelations: create, delete
teams: create, delete, read all, read one, update
teamsMembers: create, delete
teamsMembersAdmin: update
webhooks: events

Currently using:
v0.24.6

Vikunja Version

v0.24.6

Browser and version

No response

Can you reproduce the bug on the Vikunja demo site?

Yes

Screenshots

No response

@alvarolm alvarolm changed the title API tokens 401 Unauthorized for user operations /api/v1/user/... API tokens requests returns 401 Unauthorized for user operations /api/v1/user/... Jan 31, 2025
@alvarolm
Author

It seems there is no implementation for handling these routes:

CanDoAPIRoute path /api/v1/user/export/request
CanDoAPIRoute routeGroupName-before user_export_request
CanDoAPIRoute routeGroupName user_export_request
CanDoAPIRoute routeParts [user export request]
CanDoAPIRoute token.Permissions:
{
  "other": ["notifications", "routes", "users"],
  "projects_shares": ["create", "delete", "read_all", "read_one"],
  "projects_webhooks": ["create", "delete", "read_all", "update"],
  "tasks_attachments": ["create", "delete", "read_all", "read_one"],
  "tasks": ["create", "delete", "read_all", "read_one", "update", "update_bulk"],
  "teams_members_admin": ["update"],
  "reactions_delete": ["delete"],
  "projects_duplicate": ["create"],
  "projects_views_buckets": ["create", "delete", "read_all", "update"],
  "tasks_assignees": ["create", "create_bulk", "delete", "read_all"],
  "tasks_comments": ["create", "delete", "read_all", "read_one", "update"],
  "webhooks": ["events"],
  "filters": ["create", "delete", "read_one", "update"],
  "migration": ["ticktick_migrate", "ticktick_status", "vikunja-file_migrate", "vikunja-file_status"],
  "projects": ["background", "background_delete", "backgrounds_upload", "create", "delete", "projectusers", "read_all", "read_one", "update"],
  "projects_teams": ["create", "delete", "read_all", "update"],
  "projects_views_tasks": ["read_all"],
  "tasks_labels": ["create", "create_bulk", "delete", "read_all"],
  "tasks_relations": ["create", "delete"],
  "teams_members": ["create", "delete"],
  "reactions": ["create", "read_all"],
  "notifications": ["read_all", "update"],
  "projects_users": ["create", "delete", "read_all", "update"],
  "tasks_position": ["update"],
  "teams": ["create", "delete", "read_all", "read_one", "update"],
  "labels": ["create", "delete", "read_all", "read_one", "update"],
  "projects_views": ["create", "delete", "read_all", "read_one", "update"],
  "projects_views_buckets_tasks": ["update"]
}
missing group for token.Permissions
missing group (routeParts[0]) for token.Permissions

logs.txt
api_routes.go.diff.txt
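
A coverage check motivated by the debug output above, as an added example that is not part of the original issue and not Vikunja's own code. It assumes a simplified model in which a route is authorized by a permission group named after its path segments joined with `_`, or after its first segment, and it lists the routes that no token scope can cover; `routeParts`, `UncoveredRoutes` and the sample data are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample data: a subset of the permission groups listed in the
// issue, and a few route paths (only the first two appear on the page).
var sampleGroups = map[string][]string{
	"labels":        {"create", "delete", "read_all", "read_one", "update"},
	"notifications": {"read_all", "update"},
	"tasks":         {"create", "delete", "read_all", "read_one", "update"},
}
var sampleRoutes = []string{
	"/api/v1/user/export/request", "/api/v1/labels",
	"/api/v1/notifications", "/api/v1/tasks/:id",
}

// routeParts splits a path into its static segments (assumed, simplified model).
func routeParts(path string) []string {
	var parts []string
	for _, p := range strings.Split(strings.TrimPrefix(path, "/api/v1/"), "/") {
		if p != "" && !strings.HasPrefix(p, ":") { // drop empty and :param segments
			parts = append(parts, p)
		}
	}
	return parts
}

// UncoveredRoutes lists routes whose joined group name and first segment are
// both absent from the grantable groups, so no API token can ever reach them.
func UncoveredRoutes(routes []string, groups map[string][]string) []string {
	var missing []string
	for _, r := range routes {
		parts := routeParts(r)
		if len(parts) == 0 {
			continue
		}
		_, byName := groups[strings.Join(parts, "_")]
		_, byFirst := groups[parts[0]]
		if !byName && !byFirst {
			missing = append(missing, r)
		}
	}
	return missing
}

func main() { fmt.Println(UncoveredRoutes(sampleRoutes, sampleGroups)) }
```

Run against a server's real route table and its list of grantable token groups, a check like this turns the "missing group" condition into a test failure instead of a runtime 401.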
