Create only One Public API


#1

How to create a single public API using roles. Added a guest role & allowed access to component “*” for a service. It worked without login.

But when I change the component from * to a specific component say “_table/department/*”, it returns 401 Unauthorized.

Would be great if somebody could help me on this.


#2

Tejas,
What version of DreamFactory are you working on?

We had a report similar to this which was fixed late last month. So, if you ran a git pull, it would get the latest code with the fix.

Please let me know about the version and I can guide further.

Sridhar


#3

Hey @sridharsa,

Thanks for the reply. I have installed the DreamFactory through Bitnami Installer.

DreamFactory shown on the admin panel is 2.0.2


#4

@tejas I duplicated this issue and will be filing a bug.
I was able to work around this issue though by changing the component access to “_table/department/” instead of “_table/department/*”


#5

Clarification:
This is not a bug. The way the role access configuration works is thus.
_table/department/ allows you access to items at that level of the API (think like folder paths.) Get all records, user filters, etc.
_table/department/* allows you access to items in the next level of the REST path. For SQL tables this is individual records by id. I.e. GET on _table/department/4 retrieves the record whose ID is 4.
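
The rule described in post #5, modelled as an added example that is not part of the thread and not DreamFactory's own code: it shows why a guest role holding only “_table/department/*” is refused on the collection itself. The function names and sample roles are hypothetical, and it assumes that “*” covers exactly one extra path level and that anything not listed is denied.

```python
# Added illustration: a model of the access rule as post #5 words it.
# Not DreamFactory's implementation; all names here are hypothetical.

def normalize(path):
    """Split a component or request path into segments, ignoring outer slashes."""
    return [seg for seg in path.strip("/").split("/") if seg]

def entry_allows(component, verbs, request_path, verb):
    """True if a single role-access entry covers the request."""
    if verb not in verbs:
        return False
    if component.strip() == "*":
        # Post #1: component "*" opened the whole service to the guest role.
        return True
    comp, req = normalize(component), normalize(request_path)
    if comp and comp[-1] == "*":
        # "_table/department/*": items one level below, e.g. a record id.
        # Assumption: exactly one extra segment; the thread does not say
        # whether deeper paths match.
        return len(req) == len(comp) and req[:-1] == comp[:-1]
    # "_table/department/": that level itself (all records, filters).
    return req == comp

def role_allows(role, request_path, verb):
    """Default deny: a request passes only if some entry covers it."""
    return any(entry_allows(c, v, request_path, verb) for c, v in role)

def audit(role, requests):
    """Map each (verb, path) request to the decision the role gives it."""
    return {(verb, path): role_allows(role, path, verb) for verb, path in requests}

# Constructed sample roles and requests (not taken from a real instance).
GUEST_WILDCARD_ONLY = [("_table/department/*", {"GET"})]
GUEST_BOTH = [("_table/department/", {"GET"}), ("_table/department/*", {"GET"})]
REQUESTS = [
    ("GET", "_table/department"),     # collection level
    ("GET", "_table/department/4"),   # record level
    ("POST", "_table/department"),    # verb the guest role never granted
    ("GET", "_table/employee"),       # table the guest role never listed
]

if __name__ == "__main__":
    for name, role in (("wildcard only", GUEST_WILDCARD_ONLY), ("both entries", GUEST_BOTH)):
        for (verb, path), ok in audit(role, REQUESTS).items():
            print(f"{name:14} {verb:5} {path:22} {'allow' if ok else 'deny'}")
```

Running the same request list against each candidate guest role before publishing it shows exactly which paths and verbs an unauthenticated caller would reach.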


#6

Hey @drewpearce,

Thanks for the info on how the Roles work.

My scenario is as follows:

  • Have 2 tables named X & Y
  • X has a Foreign Key Constraint on “id” from Y, named Y_ID.
  • I am fetching the records in X by joining it with Y (getting “name” from Y)
  • I set the GET access to these 2 “_table/X” & “_table/Y” for a GUEST role.

Still getting the error "GET access to component ‘/_table/Y’ of service ‘XYZ’ is not allowed by this user’s role."
Error Code is 403

How can I handle this situation?


#7

In your role, try adding access for both _table/Y and _table/Y/*


#8

Hey @drewpearce,

Tried what you recommended. Didn't help much.
Is the sequence of the provided access important?