Skip to content

Fix cross-team asset 401 and stale label associations in QC script#38

Open
salmanfarisvp wants to merge 1 commit into
masterfrom
fix/cross-team-assets-and-stale-label-associations
Open

Fix cross-team asset 401 and stale label associations in QC script#38
salmanfarisvp wants to merge 1 commit into
masterfrom
fix/cross-team-assets-and-stale-label-associations

Conversation

@salmanfarisvp

Copy link
Copy Markdown
Member

Summary

  • Root cause: GET /v4/assets returns cross-team shared assets that the token's RLS policy blocks on insert (42501 insufficient_privilege → HTTP 401). The script was randomly picking these assets, causing consistent failures at POST /v4/playlist-items.
  • Secondary issue: delete_playlist() was not removing labels/playlists associations before deleting a playlist, leaving stale rows that caused POST /v4/labels/playlists to fail on subsequent runs.

Changes

Fix cross-team asset 401

  • Added get_team_id() helper that fetches the current account's team ID via GET /v4/labels?type=eq.all-screens
  • Updated get_ten_random_assets() to accept team_id and filter the assets query with team_id=eq.{team_id}, ensuring only same-team assets (which the token can insert) are selected

Fix stale label associations

  • Updated delete_playlist() to explicitly call DELETE /v4/labels/playlists?playlist_id=eq.{id} before deleting playlist items and the playlist itself
  • Added resolution=ignore-duplicates to the Prefer header in POST /v4/labels/playlists as a safety net

Better observability

  • Added progress logging (Playlist created, Adding assets to playlist..., Assigning playlist to all screens...) so future failures are immediately pinpointed to the exact step
  • Renamed the catch-all error message from "Unable to create playlist" to "QC playlist setup failed" since it covers asset-adding and label-linking failures too

API Issues Raised

These are workarounds for underlying API inconsistencies that have been raised as an engineering ticket:

  1. GET /v4/assets should not return assets the token cannot write — or should clearly mark them as read-only/cross-team
  2. RLS/privilege violations should return 403 Forbidden, not 401 Unauthorized
  3. DELETE /v4/playlists should cascade-delete labels/playlists rows

Test plan

  • Ran locally — script completed successfully end-to-end (exit code 0)
  • Verified delete_playlist() cleans up label associations on each run
  • Verified get_ten_random_assets() only returns same-team assets

The QC script was failing with 401 when adding assets to playlists
because GET /v4/assets returns cross-team assets that the token's RLS
policy blocks on insert (42501 insufficient_privilege). Fixed by
fetching the current team_id and filtering assets by team_id in the
query.

Also fixed delete_playlist() to explicitly remove labels/playlists
associations before deleting a playlist, preventing stale rows that
caused POST /v4/labels/playlists to fail on subsequent runs.

Additional improvements:
- Add resolution=ignore-duplicates to POST /v4/labels/playlists as
  a safety net against any remaining stale associations
- Add progress logging in create_qc_playlist() to make it clear
  which step fails when errors occur
- Rename error message from "Unable to create playlist" to "QC
  playlist setup failed" to better reflect that the failure may
  occur in asset-adding or label-linking steps, not just creation
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant