* Describe the bug
I investigated the “No Permission” issue and discovered that it is caused by the JavaScript logic within the current session.
Specifically, if the user role is not Admin or Root, the system does not have permission to execute the SQL query used to retrieve the customer ID. As a result, the following query fails:
正在上传:image.png…
SELECT COUNT(*) AS total, COUNT(CASE WHEN status = 'processing' THEN 1 END) AS processing_count, COUNT(CASE WHEN status = 'pending' THEN 1 END) AS pending_count, COUNT(CASE WHEN status = 'resolved' THEN 1 END) AS resolved_count FROM nb_tts_tickets
Because of this error:
-
The UI does not display ticket counts in each tab.
-
A popup error message appears whenever the page is refreshed
* Environment
- NocoBase version: 2.0.9
- Database type and version: PostgreSQL16
- OS: Windows
- Deployment Methods: Create-nocobase-app, Git source code
- Docker image version:
- NodeJS version: v22.14
* How To Reproduce
The demo I requested from the official website also exhibits the same issue, which makes it easy to reproduce. By simply logging in with a Customer role and navigating to the Customer Center, the popup error message will appear.
Expected behavior
The expected behavior is that the system correctly displays the ticket counts in each tab, and no popup error messages should appear.
Screenshots
Logs
main2026-03-04 09:43:04 [error] No permissions extra={"method":"error-handler","err":"ForbiddenError: No permissions\n at Object.throw (/home/vv/my-nocobase/node_modules/koa/lib/context.js:97:11)\n at middlewares.add.tag (/home/vv/my-nocobase/packages/core/acl/lib/acl.js:419:20)\n at dispatch (/home/vv/my-nocobase/node_modules/koa-compose/index.js:42:32)\n at parseACL (/home/vv/my-nocobase/packages/plugins/@nocobase/plugin-public-forms/dist/server/plugin.js:179:14)\n at dispatch (/home/vv/my-nocobase/node_modules/koa-compose/index.js:42:32)\n at checkAssociationOperate (/home/vv/my-nocobase/packages/plugins/@nocobase/plugin-acl/dist/server/middlewares/check-association-operate.js:37:12)\n at dispatch (/home/vv/my-nocobase/node_modules/koa-compose/index.js:42:32)\n at /home/vv/my-nocobase/packages/plugins/@nocobase/plugin-acl/dist/server/server.js:506:14\n at dispatch (/home/vv/my-nocobase/node_modules/koa-compose/index.js:42:32)\n at /home/vv/my-nocobase/packages/core/acl/lib/allow-manager.js:118:13\n at process.processTicksAndRejections (node:internal/process/task_queues:105:5)\n at async ACLMiddleware (/home/vv/my-nocobase/packages/core/acl/lib/acl.js:336:14)\n at async setCurrentRole (/home/vv/my-nocobase/packages/plugins/@nocobase/plugin-acl/dist/server/middlewares/setCurrentRole.js:124:3)\n at async app.resourcer.use.group (/home/vv/my-nocobase/packages/plugins/@nocobase/plugin-api-keys/dist/server/plugin.js:62:9)\n at async /home/vv/my-nocobase/packages/plugins/@nocobase/plugin-users/dist/server/server.js:208:7\n at async deleteRolesCache (/home/vv/my-nocobase/packages/plugins/@nocobase/plugin-users/dist/server/server.js:197:7)\n at async handleFieldSourceMiddleware (/home/vv/my-nocobase/packages/plugins/@nocobase/plugin-data-source-main/dist/server/server.js:463:7)\n at async mergeReverseFieldWhenSaveCollectionField (/home/vv/my-nocobase/packages/plugins/@nocobase/plugin-data-source-main/dist/server/server.js:413:7)\n at async templateDataMiddleware (/home/vv/my-nocobase/packages/plugins/@nocobase/plugin-block-template/dist/server/middlewares/templateData.js:45:3)\n at async pushUISchemaWhenUpdateCollectionField (/home/vv/my-nocobase/packages/plugins/@nocobase/plugin-data-source-main/dist/server/server.js:374:7)\n at async pushUISchemaWhenUpdateCollectionField (/home/vv/my-nocobase/packages/plugins/@nocobase/plugin-data-source-main/dist/server/server.js:355:7)\n at async appendDataToRolesCheck (/home/vv/my-nocobase/packages/plugins/@nocobase/plugin-data-source-manager/dist/server/plugin.js:566:7)"} meta={"err":"ForbiddenError: No permissions\n at Object.throw (/home/vv/my-nocobase/node_modules/koa/lib/context.js:97:11)\n at middlewares.add.tag (/home/vv/my-nocobase/packages/core/acl/lib/acl.js:419:20)\n at dispatch (/home/vv/my-nocobase/node_modules/koa-compose/index.js:42:32)\n at parseACL (/home/vv/my-nocobase/packages/plugins/@nocobase/plugin-public-forms/dist/server/plugin.js:179:14)\n at dispatch (/home/vv/my-nocobase/node_modules/koa-compose/index.js:42:32)\n at checkAssociationOperate (/home/vv/my-nocobase/packages/plugins/@nocobase/plugin-acl/dist/server/middlewares/check-association-operate.js:37:12)\n at dispatch (/home/vv/my-nocobase/node_modules/koa-compose/index.js:42:32)\n at /home/vv/my-nocobase/packages/plugins/@nocobase/plugin-acl/dist/server/server.js:506:14\n at dispatch (/home/vv/my-nocobase/node_modules/koa-compose/index.js:42:32)\n at /home/vv/my-nocobase/packages/core/acl/lib/allow-manager.js:118:13\n at process.processTicksAndRejections (node:internal/process/task_queues:105:5)\n at async ACLMiddleware (/home/vv/my-nocobase/packages/core/acl/lib/acl.js:336:14)\n at async setCurrentRole (/home/vv/my-nocobase/packages/plugins/@nocobase/plugin-acl/dist/server/middlewares/setCurrentRole.js:124:3)\n at async app.resourcer.use.group (/home/vv/my-nocobase/packages/plugins/@nocobase/plugin-api-keys/dist/server/plugin.js:62:9)\n at async /home/vv/my-nocobase/packages/plugins/@nocobase/plugin-users/dist/server/server.js:208:7\n at async deleteRolesCache (/home/vv/my-nocobase/packages/plugins/@nocobase/plugin-users/dist/server/server.js:197:7)\n at async handleFieldSourceMiddleware (/home/vv/my-nocobase/packages/plugins/@nocobase/plugin-data-source-main/dist/server/server.js:463:7)\n at async mergeReverseFieldWhenSaveCollectionField (/home/vv/my-nocobase/packages/plugins/@nocobase/plugin-data-source-main/dist/server/server.js:413:7)\n at async templateDataMiddleware (/home/vv/my-nocobase/packages/plugins/@nocobase/plugin-block-template/dist/server/middlewares/templateData.js:45:3)\n at async pushUISchemaWhenUpdateCollectionField (/home/vv/my-nocobase/packages/plugins/@nocobase/plugin-data-source-main/dist/server/server.js:374:7)\n at async pushUISchemaWhenUpdateCollectionField (/home/vv/my-nocobase/packages/plugins/@nocobase/plugin-data-source-main/dist/server/server.js:355:7)\n at async appendDataToRolesCheck (/home/vv/my-nocobase/packages/plugins/@nocobase/plugin-data-source-manager/dist/server/plugin.js:566:7)"} module=flowSql submodule=save method=error-handler app=main reqId=a6b6ac80-fcf9-4fc9-9dda-629c055c3bbb dataSourceKey=main