Custom Script - 403


#1

I created a test custom script that uses the Scripting API Access (i.e. platform.api.get) and I’m not able to execute it even though I have a role assigned with System Access: Script (GET/POST) and Service Access: Database (MyTable). Error pasted below:

Access to application ‘dsp.scripting’ is not provisioned for this user’s role.

If I remove the API call, and just return some text, it works fine. What am I missing on this role for this to work? This same role can use the API directly to GET/POST that same table. It’s just a problem via the custom script API.

Thanks,
Troy


#2

That error means that the app (dsp.scripting) isn’t assigned to the role.
Can you verify this is a problem with our api by making sure you have that app checked in the role config for the role you granted access to scripting?


#3

Hi Jason, yes my app is checked in that role config as well. Sorry, I should have stated that in my original post.


#4

Hi Jason, any update to this issue?


#5

Todd is going to recreate this one, get back to you asap.


#6

It sounds like the URL you are trying to access is for a service on your local DSP. Is that correct? In that case you can just use the service and table name like this. You won’t have to worry about app_name or authentication.

var result = platform.api.get("db/Contact");
return result;

You can also specify the full URL of the DSP, but then the script must supply additional information to authenticate the call. This may be what you ran into. Alternatively, you can enable guest mode from the DSP config screen. As an example, say I want to access the Contact table from my app named addressbook. Guest role must allow access to the Contact table and the addressbook app.

var result = platform.api.get("https://dsp-mydsp.cloud.dreamfactory.com/rest/db/Contact?app_name=addressbook");
return result;

Will either of these work for you?


#7

Hi Todd, thanks for your reply. I was able to reproduce the issue on both a local install and an Azure image from Bitnami. I’m using the approach you showed in the first code example, here’s my exact code:

var results = platform.api.get("db/Mytest", {"filter": "achievements > 100", "limit" : "50"});
return results;

Here’s the complete JSON being returned:

{"is_user_script":"true","path":"system/script/custom2","__tag__":"exposed_event","script_result":{"error":[{"context":null,"message":"Access to application 'dsp.scripting' is not provisioned for this user's role.","code":403}]}}

I didn’t try opening up guest access, I want to get it to work without having to do that if possible.

Thanks,
Troy
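
Added example, not part of the original posts or of DreamFactory's code: a small Node.js helper that pulls authorization errors out of the custom-script response quoted above, where the 403 is reported inside `script_result.error`. The envelope shape is taken from that one response and is assumed to hold generally; the function names are hypothetical.

```javascript
// Constructed sample: the response body quoted in post #7.
const SAMPLE = '{"is_user_script":"true","path":"system/script/custom2","__tag__":"exposed_event","script_result":{"error":[{"context":null,"message":"Access to application \'dsp.scripting\' is not provisioned for this user\'s role.","code":403}]}}';

// Message format as it appears in the thread; other wordings fall through to "forbidden".
const NOT_PROVISIONED = /^Access to application '([^']+)' is not provisioned/;

// Return one record per error nested under script_result.error.
function scriptErrors(body) {
  let doc;
  try {
    doc = typeof body === "string" ? JSON.parse(body) : body;
  } catch (e) {
    return [{ path: null, code: null, kind: "unparseable", app: null, message: e.message }];
  }
  const result = doc && doc.script_result;
  const errors = result && Array.isArray(result.error) ? result.error : [];
  return errors.map((err) => {
    const m = NOT_PROVISIONED.exec(String(err.message || ""));
    let kind = "other";
    if (err.code === 403) kind = m ? "app-not-provisioned" : "forbidden";
    return {
      path: doc.path || null,
      code: err.code ?? null,
      kind,
      app: m ? m[1] : null, // application the role lacks, e.g. dsp.scripting
      message: err.message || "",
    };
  });
}

// Count role-provisioning denials per "script path -> application" pair.
function summarize(bodies) {
  const counts = {};
  for (const b of bodies) {
    for (const e of scriptErrors(b)) {
      if (e.kind !== "app-not-provisioned") continue;
      const key = `${e.path} -> ${e.app}`;
      counts[key] = (counts[key] || 0) + 1;
    }
  }
  return counts;
}

console.log(scriptErrors(SAMPLE), summarize([SAMPLE]));
```
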


#8

Discovered this is a bug only when running the script as a non-admin user. This has been fixed in the develop branch of dsp-core. Sorry for the trouble. The following file was modified.

vendor/dreamfactory/lib-php-common-platform/src/Scripting/ScriptEngine.php

You can view the diff here.

This change will be in the next release in a few days, or you can modify your own ScriptEngine.php code. Or you can call the script as an admin user.


#9

Thanks for the update and fix Todd. I’ll upgrade when the next release is ready and test it out.