Call another service with GET works, for POST don't!


#1

Hello community,

Need your help about this, I have a Service of type PHP, the script receive GET and POST and the process data. In my script I validate data by calling the MySQL

My script:
> $api = $platform[“api”];
> $eventMethod = $event[‘request’][‘method’];
> $DeveloperKey = $event[‘request’][‘headers’][‘x-developer-key’];
> $APPKey = $event[‘request’][‘headers’][‘x-myapp-key’];
> $developer_id = $platform[‘session’][‘user’][‘id’];
>
> // use the options arg to set auth and content-type headers for external calls
> // external calls use cURL and require these headers to be set
> $options = [];
> $options[‘headers’] = [];
> $options[‘headers’][‘X-DreamFactory-Api-Key’] = $platform[‘session’][‘api_key’];
> $options[‘headers’][‘X-DreamFactory-Session-Token’] = $platform[‘session’][‘session_token’];
> $options[‘headers’][‘Content-Type’] = ‘application/json’;
> $options[‘headers’][‘X-Developer-Key’] = $DeveloperKey;
> $options[‘headers’][‘X-APP-Key’] = $APPKey;
>
> if ($eventMethod==“POST”){
> $eventParams = $event[‘request’][‘parameters’];
> $eventResource = $event[‘resource’];
>
> /* verify the Verb */
> switch($eventResource){
> case “”:
> $result = [‘resource’=> [‘new’]];
> break;
> case “new”:
> // validate if the $developer_id have the Developer_Key and the App_Key, if valid, then can create the new user
> $api = $platform[“api”];
> $get = $api->get;
> //$urlDeveloper = “mysql/_table/user?related=myapp_by_owner_id&filter=(id%3D”.$developer_id.")";
> //$urlDeveloper = “mysql/_table/VIEW_DeveloperApps?filter=(game_owner_id%3D”.$developer_id.")%20and%20(developer_key%3D%22".$DeveloperKey."%22)%20and%20(app_api_key%3D%22".$APPKey."%22)";
> $urlDeveloper = “mysql/_table/VIEW_DeveloperApps?filter=(owner_id%3D3)”;
>
> $resDeveloper = $get($urlDeveloper);
>
> if (array_key_exists(“error”, $resDeveloper[“content”])) {
> throw new \Exception(“Messsage = " . $result[“content”][“error”][“message”].”’",$result[“content”][“error”][“code”]);
> } else if (empty($resDeveloper[“content”][‘resource’])){
> throw new \Exception(‘Developer not authorized! Create your account in MYAPPS.COM!’,401);
> }
> return [‘resDeveloper’=>$resDeveloper];
>
> $post = $api->post;
> $urlNewUser = ‘user/register?login=false’;
> $userUniqueCode = “XPTO0001TESTING”;
> $payload = array(‘resource’ => array(‘email’=>$eventParams[‘email’],‘first_name’=>$eventParams[‘first_name’],‘last_name’=>$eventParams[‘last_name’],‘code’=>$userUniqueCode));
> $result = $post($urlNewUser, $payload);
>
> if (array_key_exists(“error”, $result[“content”])) {
> throw new \Exception(“Messsage = " . $result[“content”][“error”][“message”].”’",$result[“content”][“error”][“code”]);
> }
> return [‘result’ => ‘ok’, ‘response’=>$result];
> break;
> }
>
> }else if ($eventMethod==“GET”){
>
> // get records using internal URL such as db/_table/user_myotherfields
> // get(url, payload, )
> // internal URL must start with a service name
> // payload is usually NULL, but doesn’t have to be
> // options will be NULL because no auth or content-type headers are required for internal calls
>
> // To get MyUser information need to get record by myUserUID (unique identifier)
> $myUserUID = trim($event[‘resource’]);
>
> if (!empty($myUserUID)){
> $api = $platform[“api”];
> $get = $api->get;
> $urlBase = ‘mysql/_table/user_myotherfields’;
> $fieldsToGet = ‘fields=myUserUID%2CCity%2CZip%2CAddress’;
> $filterToApply = ‘filter=myUserUID%3D’.$myUserUID;
> $url = $urlBase.’?’.$fieldsToGet.’&’.$filterToApply;
> $result = $get($url);
>
> if (array_key_exists(“error”, $result[“content”])) {
> throw new \Exception(“Messsage = '” . $result[“content”][“error”][“message”]."’",$result[“content”][“error”][“code”]);
> } else if (empty($result[“content”][‘resource’])){
> throw new \Exception(‘Player Not Found!!!’,404);
> }
> return [‘result’ => ‘ok’, ‘response’=>$result];
> }else{
> throw new \DreamFactory\Core\Exceptions\BadRequestException(“Need to provide a MyUser ID (myUserUID)”);
> }
>
> }


This is a Service in PHP, receive a GET and a POST call, the “GET” is working fine, but the POST is the problem!

The GET verb, I call the mysql service to retrieve information and works fine.

The POST verb, first I go to make a GET to the “mysql” service to validate some information before to make a POST to “user” service to create a new user.

The table _table/VIEW_DeveloperApps it is a “View” in MySQL, but changed to a table and I get same error from DF.

I don’t know if the problem is because I make a GET inside of POST call!

The error I get:

“resDeveloper”: {
“status_code”: 403,
“content”: {
“error”: {
“code”: 403,
“context”: null,
“message”: “GET access to component ‘_table/VIEW_DeveloperApps’ of service ‘mysql’ is not allowed by this user’s role.”,
“trace”: […

I verify the Role to this user, and have in “Access Tab”:

Service: mysql
Component: *
Access: GET, POST, PATCH, DELETE
Requester: API

And how I tell, the GET use the “mysql” service and work’s fine!!!

Any orientation or help to put this work?

Best regards,
LB


#2

Enable requester to API, SCRIPT in your role access tab


#3

Hello and many many Thanks,

Resolved :grinning: it’s working fine.

Best regards,
LB