Call another service with GET works, for POST don't!

Hello community,

Need your help about this, I have a Service of type PHP, the script receive GET and POST and the process data. In my script I validate data by calling the MySQL

My script:
> $api = $platform[“api”];
> $eventMethod = $event[‘request’][‘method’];
> $DeveloperKey = $event[‘request’][‘headers’][‘x-developer-key’];
> $APPKey = $event[‘request’][‘headers’][‘x-myapp-key’];
> $developer_id = $platform[‘session’][‘user’][‘id’];
>
> // use the options arg to set auth and content-type headers for external calls
> // external calls use cURL and require these headers to be set
> $options = [];
> $options[‘headers’] = [];
> $options[‘headers’][‘X-DreamFactory-Api-Key’] = $platform[‘session’][‘api_key’];
> $options[‘headers’][‘X-DreamFactory-Session-Token’] = $platform[‘session’][‘session_token’];
> $options[‘headers’][‘Content-Type’] = ‘application/json’;
> $options[‘headers’][‘X-Developer-Key’] = $DeveloperKey;
> $options[‘headers’][‘X-APP-Key’] = $APPKey;
>
> if ($eventMethod==“POST”){
> $eventParams = $event[‘request’][‘parameters’];
> $eventResource = $event[‘resource’];
>
> /* verify the Verb */
> switch($eventResource){
> case “”:
> $result = [‘resource’=> [‘new’]];
> break;
> case “new”:
> // validate if the $developer_id have the Developer_Key and the App_Key, if valid, then can create the new user
> $api = $platform[“api”];
> $get = $api->get;
> //$urlDeveloper = “mysql/_table/user?related=myapp_by_owner_id&filter=(id%3D”.$developer_id.")";
> //$urlDeveloper = “mysql/_table/VIEW_DeveloperApps?filter=(game_owner_id%3D”.$developer_id.")%20and%20(developer_key%3D%22".$DeveloperKey."%22)%20and%20(app_api_key%3D%22".$APPKey."%22)";
> $urlDeveloper = “mysql/_table/VIEW_DeveloperApps?filter=(owner_id%3D3)”;
>
> $resDeveloper = $get($urlDeveloper);
>
> if (array_key_exists(“error”, $resDeveloper[“content”])) {
> throw new \Exception(“Messsage = " . $result[“content”][“error”][“message”].”’",$result[“content”][“error”][“code”]);
> } else if (empty($resDeveloper[“content”][‘resource’])){
> throw new \Exception(‘Developer not authorized! Create your account in MYAPPS.COM!’,401);
> }
> return [‘resDeveloper’=>$resDeveloper];
>
> $post = $api->post;
> $urlNewUser = ‘user/register?login=false’;
> $userUniqueCode = “XPTO0001TESTING”;
> $payload = array(‘resource’ => array(‘email’=>$eventParams[‘email’],‘first_name’=>$eventParams[‘first_name’],‘last_name’=>$eventParams[‘last_name’],‘code’=>$userUniqueCode));
> $result = $post($urlNewUser, $payload);
>
> if (array_key_exists(“error”, $result[“content”])) {
> throw new \Exception(“Messsage = " . $result[“content”][“error”][“message”].”’",$result[“content”][“error”][“code”]);
> }
> return [‘result’ => ‘ok’, ‘response’=>$result];
> break;
> }
>
> }else if ($eventMethod==“GET”){
>
> // get records using internal URL such as db/_table/user_myotherfields
> // get(url, payload, )
> // internal URL must start with a service name
> // payload is usually NULL, but doesn’t have to be
> // options will be NULL because no auth or content-type headers are required for internal calls
>
> // To get MyUser information need to get record by myUserUID (unique identifier)
> $myUserUID = trim($event[‘resource’]);
>
> if (!empty($myUserUID)){
> $api = $platform[“api”];
> $get = $api->get;
> $urlBase = ‘mysql/_table/user_myotherfields’;
> $fieldsToGet = ‘fields=myUserUID%2CCity%2CZip%2CAddress’;
> $filterToApply = ‘filter=myUserUID%3D’.$myUserUID;
> $url = $urlBase.’?’.$fieldsToGet.’&’.$filterToApply;
> $result = $get($url);
>
> if (array_key_exists(“error”, $result[“content”])) {
> throw new \Exception(“Messsage = '” . $result[“content”][“error”][“message”]."’",$result[“content”][“error”][“code”]);
> } else if (empty($result[“content”][‘resource’])){
> throw new \Exception(‘Player Not Found!!!’,404);
> }
> return [‘result’ => ‘ok’, ‘response’=>$result];
> }else{
> throw new \DreamFactory\Core\Exceptions\BadRequestException(“Need to provide a MyUser ID (myUserUID)”);
> }
>
> }


This is a Service in PHP, receive a GET and a POST call, the “GET” is working fine, but the POST is the problem!

The GET verb, I call the mysql service to retrieve information and works fine.

The POST verb, first I go to make a GET to the “mysql” service to validate some information before to make a POST to “user” service to create a new user.

The table _table/VIEW_DeveloperApps it is a “View” in MySQL, but changed to a table and I get same error from DF.

I don’t know if the problem is because I make a GET inside of POST call!

The error I get:

“resDeveloper”: {
“status_code”: 403,
“content”: {
“error”: {
“code”: 403,
“context”: null,
“message”: “GET access to component ‘_table/VIEW_DeveloperApps’ of service ‘mysql’ is not allowed by this user’s role.”,
“trace”: […

I verify the Role to this user, and have in “Access Tab”:

Service: mysql
Component: *
Access: GET, POST, PATCH, DELETE
Requester: API

And how I tell, the GET use the “mysql” service and work’s fine!!!

Any orientation or help to put this work?

Best regards,
LB

Enable requester to API, SCRIPT in your role access tab

Hello and many many Thanks,

Resolved :grinning: it’s working fine.

Best regards,
LB

1 Like