Call another service with GET works, for POST don't!

@LBat wrote:

Hello community,

Need your help about this, I have a Service of type PHP, the script receive GET and POST and the process data. In my script I validate data by calling the MySQL

My script:

$api = $platform["api"];
$eventMethod = $event['request']['method'];
$DeveloperKey = $event['request']['headers']['x-developer-key'];
$APPKey = $event['request']['headers']['x-myapp-key'];
$developer_id = $platform['session']['user']['id'];

// use the options arg to set auth and content-type headers for external calls
// external calls use cURL and require these headers to be set
$options = [];
$options['headers'] = [];
$options['headers']['X-DreamFactory-Api-Key'] = $platform['session']['api_key'];
$options['headers']['X-DreamFactory-Session-Token'] = $platform['session']['session_token'];
$options['headers']['Content-Type'] = 'application/json';
$options['headers']['X-Developer-Key'] = $DeveloperKey;
$options['headers']['X-APP-Key'] = $APPKey;

if ($eventMethod=="POST"){
$eventParams = $event['request']['parameters'];
$eventResource = $event['resource'];

/* verify the Verb */
switch($eventResource){
    case "":
        $result = ['resource'=> ['new']];
        break;
    case "new":
        // validate if the $developer_id have the Developer_Key and the App_Key, if valid, then can create the new user
        $api = $platform["api"];
        $get = $api->get;
        //$urlDeveloper = "mysql/_table/user?related=myapp_by_owner_id&filter=(id%3D".$developer_id.")";
        //$urlDeveloper = "mysql/_table/VIEW_DeveloperApps?filter=(game_owner_id%3D".$developer_id.")%20and%20(developer_key%3D%22".$DeveloperKey."%22)%20and%20(app_api_key%3D%22".$APPKey."%22)";
        $urlDeveloper = "mysql/_table/VIEW_DeveloperApps?filter=(owner_id%3D3)";

        $resDeveloper = $get($urlDeveloper);

        if (array_key_exists("error", $resDeveloper["content"])) {
            throw new \Exception("Messsage = " . $result["content"]["error"]["message"]."'",$result["content"]["error"]["code"]);
        }  else if (empty($resDeveloper["content"]['resource'])){
            throw new \Exception('Developer not authorized! Create your account in MYAPPS.COM!',401);
        }
        return ['resDeveloper'=>$resDeveloper];

        $post = $api->post;
        $urlNewUser = 'user/register?login=false';
        $userUniqueCode = "XPTO0001TESTING";
        $payload = array('resource' => array('email'=>$eventParams['email'],'first_name'=>$eventParams['first_name'],'last_name'=>$eventParams['last_name'],'code'=>$userUniqueCode));
        $result = $post($urlNewUser, $payload);

        if (array_key_exists("error", $result["content"])) {
            throw new \Exception("Messsage = " . $result["content"]["error"]["message"]."'",$result["content"]["error"]["code"]);
        }
        return ['result' => 'ok', 'response'=>$result];
        break;
}

}else if ($eventMethod=="GET"){

// get records using internal URL such as db/_table/user_myotherfields
// get(url, payload, <options>)
// internal URL must start with a service name
// payload is usually NULL, but doesn't have to be
// options will be NULL because no auth or content-type headers are required for internal calls

// To get MyUser information need to get record by myUserUID (unique identifier)
$myUserUID = trim($event['resource']);

if (!empty($myUserUID)){
    $api = $platform["api"];
    $get = $api->get;
    $urlBase = 'mysql/_table/user_myotherfields';
    $fieldsToGet = 'fields=myUserUID%2CCity%2CZip%2CAddress';
    $filterToApply = 'filter=myUserUID%3D'.$myUserUID;
    $url = $urlBase.'?'.$fieldsToGet.'&'.$filterToApply;
    $result = $get($url);

    if (array_key_exists("error", $result["content"])) {
        throw new \Exception("Messsage = '" . $result["content"]["error"]["message"]."'",$result["content"]["error"]["code"]);
    }  else if (empty($result["content"]['resource'])){
        throw new \Exception('Player Not Found!!!',404);
    }
    return ['result' => 'ok', 'response'=>$result];
}else{
    throw new \DreamFactory\Core\Exceptions\BadRequestException("Need to provide a MyUser ID (myUserUID)");
}

}

---

This is a Service in PHP, receive a GET and a POST call, the "GET" is working fine, but the POST is the problem!

The GET verb, I call the mysql service to retrieve information and works fine.

The POST verb, first I go to make a GET to the "mysql" service to validate some information before to make a POST to "user" service to create a new user.

The table table/VIEWDeveloperApps it is a "View" in MySQL, but changed to a table and I get same error from DF.

I don't know if the problem is because I make a GET inside of POST call!

The error I get:

"resDeveloper": {
"status_code": 403,
"content": {
"error": {
"code": 403,
"context": null,
"message": "GET access to component 'table/VIEWDeveloperApps' of service 'mysql' is not allowed by this user's role.",
"trace": [....

I verify the Role to this user, and have in "Access Tab":

Service: mysql
Component: *
Access: GET, POST, PATCH, DELETE
Requester: API

And how I tell, the GET use the "mysql" service and work's fine!!!

Any orientation or help to put this work?

Best regards,
LB

Posts: 3

Participants: 2

Read full topic