Custom Script - 403

tsetford · September 24, 2014, 11:19pm

I created a test custom script that uses the Scripting API Access (i.e. platform.api.get) and I’m not able to execute it even though I have a role assigned with System Access: Script (GET/POST) and Service Access: Database (MyTable). Error pasted below:

Access to application ‘dsp.scripting’ is not provisioned for this user’s role.

If I remove the API call, and just return some text, it works fine. What am I missing on this role for this to work? This same role can use the API directly to GET/POST that same table. It’s just a problem via the custom script API.

Thanks,
Troy

Jason · September 25, 2014, 2:06pm

That error means that the app (dsp.scripting) isn’t assigned to the role.
Can you verify this is a problem with our api by making sure you have that app checked in the role config for the role you granted access to scripting?

tsetford · September 25, 2014, 5:54pm

Hi Jason, yes my app is checked in that role config as well. Sorry, I should have stated that in my original post.

tsetford · September 29, 2014, 11:32pm

Hi Jason, any update to this issue?

Jason · September 30, 2014, 6:36pm

Todd is going to recreate this one, get back to you asap.

toddappleton · September 30, 2014, 8:09pm

It sounds like the URL you are trying to access is for a service on your local DSP. Is that correct? In that case you can just use the service and table name like this. You won’t have to worry about app_name or authentication.

var result = platform.api.get("db/Contact");
return result;

You can also specify the full URL of the DSP but then the script must supply additional information to authenticate the call. This may be what you ran into. Alternatively you can enable guest mode from the DSP config screen. As an example say I want to access the Contact table from my app named addressbook. Guest role must allow access to the Contact table and the addressbook app.

var result = platform.api.get("https://dsp-mydsp.cloud.dreamfactory.com/rest/db/Contact?app_name=addressbook");
return result;

Will either of these work for you?

tsetford · September 30, 2014, 9:30pm

Hi Todd, thanks for your reply. I was able to reproduce the issue on both a local install and an Azure image from Bitnami. I’m using the approach you showed in the first code example, here’s my exact code:

var results = platform.api.get("db/Mytest", {"filter": "achievements > 100", "limit" : "50"});
return result;

Here’s the complete JSON being return:

{"is_user_script":"true","path":"system/script/custom2","__tag__":"exposed_event","script_result":{"error":[{"context":null,"message":"Access to application 'dsp.scripting' is not provisioned for this user's role.","code":403}]}}

I didn’t try opening up guest access, I want to get it to work without having to do that if possible.

Thanks,
Troy

toddappleton · October 1, 2014, 2:24pm

Discovered this is a bug only when running the script as a non-admin user. This has been fixed in the develop branch of dsp-core. Sorry for the trouble. The following file was modified.

vendor/dreamfactory/lib-php-common-platform/src/Scripting/ScriptEngine.php

You can view the diff here.

This change will be in the next release in a few days, or you can modify your own ScriptEngine.php code. Or you can call the script as an admin user.

tsetford · October 1, 2014, 3:33pm

Thanks for the update and fix Todd. I’ll upgrade when the next release is ready and test it out.

Topic		Replies	Views
Custom script 403 error Server-Side Scripting	16	4619	April 10, 2015
Learning platform.api.get Server-Side Scripting	3	3089	March 23, 2016
Guest user setup to access only the Database service Legacy Product authentication , authorization	4	3422	March 23, 2017
Can't access my Custom Script Service Server-Side Scripting	1	1833	June 26, 2016
Custom scripts understanding Server-Side Scripting	3	1987	November 6, 2014

Custom Script - 403

Related Topics