vTiger webservice “ACCESS_DENIED : Permission to p

2019-05-21 03:28发布

站内问答 / PHP
1164 3 4

I want to add SalesOrder through vTiger webservice. I'm using for this vtwsclib. Here is the code:

<?php
include_once('vtwsclib/Vtiger/WSClient.php');
$url = 'http://localhost:8888';
$client = new Vtiger_WSClient($url);
$login = $client->doLogin('admin', 'zzzzzzzz');
if(!$login) echo 'Login Failed';
else {

    $data = array(
        'subject' => 'Test SalesOrder',
        'sostatus' => 'Created',
        'invoicestatus'=>'AutoCreated',
        'account_id'=> '46', // Existing account id
        'bill_street' => 'Bill Street',
        'ship_street' => 'Ship Street',
    );
    $record = $client->doCreate('SalesOrder', $data);

$error = $client->lasterror();
    if($error) {
    echo $error['code'] . ' : ' . $error['message'];
}

if($record) {
    $salesorderid = $client->getRecordId($record['id']);
}

}
?>

And I get only: "ACCESS_DENIED : Permission to perform the operation is denied for id".

Account_id exists in database. Other SalesOrder was added with the same account_id but through webpage. I have also tried variant with accout_id = "6x46" where 6 is module_id. It also didn't work. Any ideas how to solve this problem?

3条回答
2楼-- · 2019-05-21 03:57

I think you should be trying 11x46 for account id. Vtiger web services entity id's are different from tabids.

To get a correct list of all entity ids, execute this in your MySQL for the CRM:

select id, name from vtiger_ws_entity;
查看更多
0人赞 添加讨论(0) 举报
何必那么认真
3楼-- · 2019-05-21 03:57

This is a method that might helps you to generate query q 

"http://vtigercrm/webservice.php?operation=query&sessionName=ABC&query="+q

for exemple you expect : 

SELECT * FROM INVOICE WEHRE id='72xxx';

you can do 

buildVtigerQuery('INVOICE', ['id' => '72xx']);

this is the function :

    protected function buildQuery(
    string $moduleName,
    array $filterData = [],
    string $attributes = '*',
    int $start = 0,
    int $limit = null
): string {
    $query = 'SELECT ' . $attributes . ' FROM ' . $moduleName . ' ';
    if (!empty($filterData)) {
        $query .= 'WHERE ';
        foreach ($filterData as $key => $value) {
            $whereOperator = (is_numeric($value) === true) ? ' = ' : ' like ';
            $value = (is_numeric($value) === true) ? $value : '%' . $value . '%';
            $query .= $key . $whereOperator . '\'' . $value . '\'' . ' AND WHERE ';
        }
    }

    if (substr($query, -11) === ' AND WHERE ') {
        $query = substr_replace($query, "", -11);
    }

    if ((!is_null($limit)) && (0 < $start)) {
        $query .= ' ORDER BY id LIMIT ' . $start . ',' . $limit;
    }


    if (!is_null($limit) && (0 >= $start)) {
        $query .= ' ORDER BY id LIMIT ' . $limit;
    }


    return $query . ';';
}

i didn't take XSS injection into consideration because my expected query q will be written in the url

查看更多
0人赞 添加讨论(0) 举报
Deceive 欺骗
4楼-- · 2019-05-21 04:05

Problem lies in vtiger documentation. add entityName parameter in GET request.

var q = "select * from Users;";
"http://vtigercrm/webservice.php?operation=query&sessionName=ABC&entityName=XYZ&query="+q

This worked well for me. Although still couldn't understand that by giving any entityName or garbage string, program works !!! Please comment if you know more about this.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)