RESTful user and permissions on custom module

Brenden Kehren asked on January 2, 2015 18:35

I've created a simple module with a single class in it. When I'm logged in as global admin, I'm able to call the REST service and get back what I'd expect. When I log out and try to make the call with passing in the username and password with basic authentication it gives me a "forbidden 403" error. What permissions does this user need in order to call the custom class via REST?

Recent Answers

Vilém Jeniš answered on January 7, 2015 10:38

Off the top of my head I'd say the user needs to have read permission of the module(resource) you have created. If the module doesn't have that permission, then the user should be allowed to read it automatically.

Also: The user should be bound to the site the object is associated with. The user should have that permission for the site the object is associated with. If it's a global object, permission "globalread" applies if it exists. I'm not really sure how this works if you haven't specified a SiteID column in the TypeInfo of your class.

I'm not really sure about this and I might come back with a 100% answer a bit later. For the time being could you clear up some of the unknowns for me?

0 votesVote for this answer Mark as a Correct answer

Brenden Kehren answered on January 7, 2015 13:52

My module does have the "read" permission and the users role has that read permission checked. The module does have the site bound to it. There is no SiteID column defined in the TypeInfo definition. The user is bound to the site.

1 votesVote for this answer Mark as a Correct answer

Zdeněk Cetkovský answered on January 7, 2015 15:17

Hi Brenden,

Do any REST requests with the same basic authentication work for other, default system objects?

What settings do you have for authentication type in Settings -> Integration -> REST..., is it Forms or Basic auth? Perhaps a look into your class TYPEINFO might reveal something as well, could you optionally paste it here?

Thank you in advance for information.

Regards, Zdenek

0 votesVote for this answer Mark as a Correct answer

Kevin Hoelzel answered on January 29, 2015 16:07

I'm having sort of the same issue with a custom table. I can authenticate as the Global Administrator and get the cms.user/Administrator?format=json data back but when I try a custom table class, 403. Submitted a support request, we'll see if I've got something configured incorrectly.

1 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.