I'm getting an "Access denied." error from comment.loadNodeComments and am at a loss for the cause. Guessing it's something stupid, but would appreciate any help. Details:
node.get, node.save, views.get, and taxonomy.getTree all work fine, using API key and session ID, so services in general work fine.
I'm now trying to call comment.loadNodeComments and getting the access denied error. This happens both from my app (via AMFPHP) and from the services browser.
The user is an 'administator' role user so has all perms enabled, including:
comment module
- access comments
- administer comments
- post comments
- post comments without approval
comment_service module
- access comments from remote
- save comments from remote
The user can access node comments fine when working directly on the site (not through services). Can see and reply to comments.
Node is of a new content type I defined. Default comment setting there is read/write, and I'm calling loadNodeComments for a node that actually has comments.
I even tried to rebuild permissions, but had no impact.
Running services 6.x-2.x-dev (2009-Dec-25).
Thanks in advance for any pointers,
Micah
| Comment | File | Size | Author |
|---|---|---|---|
| #4 | comment-access-2.patch | 2.35 KB | marcingy |
| #2 | comment-access.patch | 1.21 KB | marcingy |
| #1 | comment-access.patch | 1.24 KB | marcingy |
Comments
Comment #1
marcingy commentedAccess callback is an array should be a string
Comment #2
marcingy commentedwindows line ending fixed
Comment #3
waldmanm commentedHi Marc,
Thanks so much for the quick reply.
I tried this but it didn't help. I just noticed, though, that you are talking about "Access callback", whereas the comment_service module uses "access arguments". Maybe the access arguments functionality is broken? It seems that most modules use callback, though I saw that the services_search module uses "arguments" and it specifies an array too.
Perhaps it's best to switch to access callback? I'm guessing something along these lines, but not sure what arguments, if any, will be passed:
function comment_service_load_access() {
global $user;
return (user_access('access comments from remote'));
}
Last, whatever is done should be done for all 5 comment methods.
Thanks again,
Micah
Comment #4
marcingy commentedMy bad - I'm rolling this blind as I don't have a local services install at the moment. New version which hits all methods and (hopefully) correctly renames the parameter.
Comment #5
marcingy commentedK I need to do an install...brain has now switched on
Comment #6
waldmanm commentedDoesn't "access callback" expect a function name, though (and an actual function to then be called)?
Comment #7
marcingy commentedWhat are your authenication settings? Do you have the comment services enabled at for the api key if you are using keys?
Comment #8
waldmanm commentedOK, that was the problem. I created the key a while ago and only enabled a portion of the methods (tried to be secure ...).
Sorry for taking your time and many thanks for your help. I really appreciate it. I hope the other issue I opened tonight is a real bug so at least I can make some meaningful contribution ... :)
Micah
Comment #9
marcingy commentedComment #10
waldmanm commentedJust a thought: it could be helpful if a more detailed message would be returned when using the services browser, as to the cause of the "Access denied." error. Obviously, for security reasons you don't want to return more details on a normal (external) service call itself, so as not to help a potential attacker. But I would assume that the services browser is used by a trusted admin user, and it could save a lot of time if you know where the problem is (API key as in this case, user permissions, etc.).