Skip to content

IBX-11507: Critical errors logged when browsing BackOffice as user with limited permissions#100

Draft
Sztig wants to merge 1 commit into
4.6from
IBX-11507-log-pollution-fix
Draft

IBX-11507: Critical errors logged when browsing BackOffice as user with limited permissions#100
Sztig wants to merge 1 commit into
4.6from
IBX-11507-log-pollution-fix

Conversation

@Sztig
Copy link
Copy Markdown
Contributor

@Sztig Sztig commented May 12, 2026

🎫 Issue IBX-11507

Description:

This is a "hotfix" for excessive error logging when using backoffice as a user with limited permissions. The fix is not perfect as it silences the logging entirely.

Alternatives considered:
Make ArgumentsException extend UserWarning and remove the previous exception

  • silences logging entirely
  • loses stack trace
  • possible BC break?

Catch ArgumentsException in resolvers and re-throw as UserError/return null

  • would need to patch every resolver that calls findSingle
  • changes what callers receive ergo BC break?

The underlying issue is that we are no matter what querying all the info about content so depending on the permissions, other users will throw different errors in the logs while the backoffice functions as intended.
Fixing this by checking permissions seems to be too expensive/complex of a fix.

@ViniTou
Copy link
Copy Markdown
Contributor

ViniTou commented May 14, 2026
edited
Loading

This is no way to go, we cant just disable all logging.

Is it possible to use Monolog\Handler\AbstractProcessingHandler for it, and maybe check for namespace/class (Ibexa\GraphQL\DataLoader\Exception\ArgumentsException) or stacktrace in given exception, and when it match graphql we then ignore it?

or even better maybe we can easly configure it to log those into specific channel?

@Sztig
Copy link
Copy Markdown
Contributor Author

Sztig commented May 20, 2026

I've done some test and something like this seem to work - how about we log it under the default app.DEBUG or new channel like graphql.DEBUG instead of app.CRITICAL so it is still being logged but not in the production?

@konradoboza
Copy link
Copy Markdown
Contributor

konradoboza commented May 21, 2026
edited
Loading

@Sztig if what you meant is logging GraphQL issues in a separate channel then I think we should indeed go for it.

@konradoboza
Copy link
Copy Markdown
Contributor

konradoboza commented May 21, 2026

Also, CI on PHP 7.4 is fixed, feel free to rebase this PR.

@Sztig Sztig force-pushed the IBX-11507-log-pollution-fix branch from 271ebdb to 9b5d841 Compare May 22, 2026 11:46
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 22, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@Sztig
Copy link
Copy Markdown
Contributor Author

Sztig commented May 22, 2026

So I have went with this approach - I have added new channel called graphql and through a listener send all the ArgumentsException exceptions there.
While it doesn't stop logging these exceptions, muting them specifically is now very easy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@tischsoic tischsoic

@konradoboza konradoboza

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Sztig @ViniTou @konradoboza @tischsoic