Not allowed to create records

Hello.

I’ve cloned the CRM module in the Low-code and now messing around with it.

Steps to reproduce:

  1. I’ve created a custom-made module
  2. I can add a new record via the web-interface successfully
  3. Created an API user with Super Administrator role
  4. Created an Auth client (grant type = client_credentials)
  5. Successfully authorized in the API
    “scope”: “profile api”,
    “sub”: “266670462006722563”,
    “token_type”: “Bearer”
  6. Getting an error, when trying to create a new recorn in my module
    “message”: “not allowed to create records”,
    “meta”: {
    “resource”: “compose:record”,
    “type”: “notAllowedToCreate”
    },
  7. Tried to change permissions everywhere to make them as permissive as possible, but without success

I’m probably missing something on the permission level, but documentation is quite fragmented so it’s hard to grasp the entire image.

Thanks in advance!

@sashker how is it going?
I do something similar and it’s working for me

@sashker

  • What version are you currently using?
  • Could you screenshot the auth client configuration?
  • Can you paste an example of the request you’re making?

I would imagine something is off in the auth client configuration or the way you’re making API requests.

1 Like

Let me overtake this as I am facing the same issue.
I am using version 2021.9.7

POST https://[myaddres]/api/compose/namespace/274482948915331075/module/276263274801004547/record/

body
{
“labels”: {},
“records”: [],
“values”: [
{
“name”: “punkt”,
“value”: “WRO15”
},
{
“name”: “numer”,
“value”: “10”
}
]
}

When I change this request to GET instead of POST, I am receiving a proper response containing a list of records within the module. First I have tried with my super admin account (I was able to create a new row with UI, but was unable to do it via API) and also with a specially created user with a new role with all possible roles around the module in use

Looks like I am doing something wrong, after creating a new client with superadmin it works.

If the user, specified under the impersonate user, is allowed to perform some operation, the REST API request should go through.

This would tell me that the user was allowed to access but not create records; can you confirm that was the case?

In my case, the issue was not around the permissions related to the role that I have defined, but with the fact, that (according to my findings) when defining a client, you need to define not only the user for impersonating but also forced and permitted roles. Only after I have created a new client with all those three elements defined I was able to use all permissions defined for the role (as I have mentioned in my other post, it is possible that there is some bug, as changing Permitted and Forced roles on the already created client doesn’t impact permissions).

Quite possible; I’ll take a look when I’m able