I want to add SalesOrder through vTiger webservice. I'm using for this vtwsclib. Here is the code:
<?php
include_once('vtwsclib/Vtiger/WSClient.php');
$url = 'http://localhost:8888';
$client = new Vtiger_WSClient($url);
$login = $client->doLogin('admin', 'zzzzzzzz');
if(!$login) echo 'Login Failed';
else {
$data = array(
'subject' => 'Test SalesOrder',
'sostatus' => 'Created',
'invoicestatus'=>'AutoCreated',
'account_id'=> '46', // Existing account id
'bill_street' => 'Bill Street',
'ship_street' => 'Ship Street',
);
$record = $client->doCreate('SalesOrder', $data);
$error = $client->lasterror();
if($error) {
echo $error['code'] . ' : ' . $error['message'];
}
if($record) {
$salesorderid = $client->getRecordId($record['id']);
}
}
?>
And I get only: "ACCESS_DENIED : Permission to perform the operation is denied for id".
Account_id exists in database. Other SalesOrder was added with the same account_id but through webpage. I have also tried variant with accout_id = "6x46" where 6 is module_id. It also didn't work. Any ideas how to solve this problem?
I think you should be trying 11x46 for account id. Vtiger web services entity id's are different from tabids.
To get a correct list of all entity ids, execute this in your MySQL for the CRM:
select id, name from vtiger_ws_entity;
Problem lies in vtiger documentation.
add entityName parameter in GET request.
var q = "select * from Users;";
"http://vtigercrm/webservice.php?operation=query&sessionName=ABC&entityName=XYZ&query="+q
This worked well for me. Although still couldn't understand that by giving any entityName or garbage string, program works !!! Please comment if you know more about this.
This is a method that might helps you to generate query q
"http://vtigercrm/webservice.php?operation=query&sessionName=ABC&query="+q
for exemple you expect :
SELECT * FROM INVOICE WEHRE id='72xxx';
you can do
buildVtigerQuery('INVOICE', ['id' => '72xx']);
this is the function :
protected function buildQuery(
string $moduleName,
array $filterData = [],
string $attributes = '*',
int $start = 0,
int $limit = null
): string {
$query = 'SELECT ' . $attributes . ' FROM ' . $moduleName . ' ';
if (!empty($filterData)) {
$query .= 'WHERE ';
foreach ($filterData as $key => $value) {
$whereOperator = (is_numeric($value) === true) ? ' = ' : ' like ';
$value = (is_numeric($value) === true) ? $value : '%' . $value . '%';
$query .= $key . $whereOperator . '\'' . $value . '\'' . ' AND WHERE ';
}
}
if (substr($query, -11) === ' AND WHERE ') {
$query = substr_replace($query, "", -11);
}
if ((!is_null($limit)) && (0 < $start)) {
$query .= ' ORDER BY id LIMIT ' . $start . ',' . $limit;
}
if (!is_null($limit) && (0 >= $start)) {
$query .= ' ORDER BY id LIMIT ' . $limit;
}
return $query . ';';
}
i didn't take XSS injection into consideration because my expected query q will be written in the url
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 我命由我不由天 的文章《vTiger webservice “ACCESS_DENIED : Permission to p》','https://www.manongdao.com/article-858459.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}