This topic contains 2 replies, has 3 voices, and was last updated by Hiro 9 years, 8 months ago.
I have recently run into a situation where I get the following response when I add a new action to a REST API controller class:
```
{"status":"error","status_code":403,"status_text":"Forbidden","current_content":"","message":"You do not get VIEW permission for this object"}
```

Example Action:
```php
// Acme\Bundle\AcmeBundle\Controller\Api\Rest

// (Omitting)

use Nelmio\ApiDocBundle\Annotation\ApiDoc;

use FOS\RestBundle\Controller\Annotations\NamePrefix;
use FOS\RestBundle\Controller\Annotations\RouteResource;
use FOS\RestBundle\Controller\Annotations\QueryParam;
use FOS\RestBundle\Routing\ClassResourceInterface;

use Sensio\Bundle\FrameworkExtraBundle\Configuration\ParamConverter;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

use FOS\Rest\Util\Codes;

use Oro\Bundle\SecurityBundle\Annotation\Acl;
use Oro\Bundle\SecurityBundle\Annotation\AclAncestor;

use Acme\Bundle\AcmeBundle\Helper\Helper;
use Acme\Bundle\AcmeBundle\Entity\Acme;

// (Omitting)

/**
 * REST GET return Total
 *
 * @param Acme $item
 *
 * @ApiDoc(
 *     description="Calculate Total",
 *     resource=true
 * )
 * @AclAncestor("acme_view")
 * @ParamConverter("item", class="AcmeBundle:Acme")
 * @return Response
 */
public function getTotalAction(Acme $item)
{
    $helper = $this->get('acme.helper');
    $result = $helper->getTotal($item);
    $responseData = json_encode($result);
    return new Response($responseData, $result ? Codes::HTTP_OK : Codes::HTTP_BAD_REQUEST);
}
```

At first I thought this issue happens if I add an action name that I have already used in another controller class, but it seems not.
The error message is generated in apply() in:
Oro\Bundle\SecurityBundle\Request\ParamConverter\DoctrineParamConverter

```php
// (Omitting)

if ($permission
    && $class
    && $this->entityClassResolver->isEntity($class)
    && is_a($object, $this->entityClassResolver->getEntityClass($class))
) {
    if (!$this->securityFacade->isGranted($permission, $object)) {
        throw new AccessDeniedException(
            'You do not get ' . $permission . ' permission for this object' // <---
        );
    } else {
        $request->attributes->set('_oro_access_checked', true);
    }
}

// (Omitting)
```

The issue does not happen if I don’t use “ParamConverter” and just pass the id and get the Entity by coding it.
Other actions using “ParamConverter” do not get the error, but when I add a new action it somehow starts returning the error, sometimes.
I am not sure if we are supposed to use “ParamConverter” within a REST API controller class, as I can see that only the following one uses it:
Oro\Bundle\WorkflowBundle\Controller\Api\Rest\WorkflowController