Closed (fixed)
Project:
Services
Version:
6.x-0.10
Component:
Code
Priority:
Normal
Category:
Feature request
Assigned:
Unassigned
Reporter:
Created:
30 Jun 2008 at 20:34 UTC
Updated:
15 Sep 2008 at 16:43 UTC
Hi, sorry if this question is already answered somewhere but I looked through the docs and support requests and did not see an answer.
When trying to access Services, namely doing a node.load, using a module such as GET Server or REST Server, I am given a Access Denied or Forbidden if Node module - Access Content is not set to allow Anonymous Users. It simply returns a permission denied, even though using API Keys.
Turning on Anonymous access to Content allows for it to work.
Is this the way it is supposed to work? If so, is there a different way to go about this in order to use Services without allowing access to content to anonymous users? Thanks for any help.
Comments
Comment #1
amitaibuYou have the 'access services' which you need to set to anonymous, and then every service has it's own permission (e.g. 'load raw node data').
Comment #2
coderintherye commentedI'm setting this back to active. I have Services set to Anonymous and Load Raw Node Data set to anonymous and still get permission denied no matter what unless I turn Content on to Anonymous Access. I may be doing something wrong, but your suggested solution is not the answer.
Comment #3
marcingy commentedWhat settings do you have enabled under the keys tab in the admin section of services?
Comment #4
coderintherye commentedThere are no settings under the Keys tab in the admin section of services, at least in my installation.
I have:
"An API key is required to allow an application to access Drupal remotely."
Then there is a table with "Key" "Title" "Domain" "Operations" I have tried creating a key here and using it to no avail, always permission denied unless Anonymous access to Content is allowed.
Now, if you meant under the 'Settings' Tab under Services. I have 'Use keys' checked. I have tried all combinations of having the three Security checkboxes checked or unchecked and always get permission denied unless Anonymous access is enabled.
Comment #5
marcingy commentedThe api keys do not relate to user and hence this will return access denied unless annoymous access is set. You would need to carry out the following steps to prevent the annoymous error. Pass in a user name and password using user.login. Then call the node.load service passing in the session id that has been generated. A change has been raised which if worked upon will API keys to users which could then overcome the need for the login step - http://drupal.org/node/277248
Comment #6
coderintherye commentedOk, I am changing to a feature request. For my purposes this module is fairly useless without being able to use API Keys without allowing anonymous access to Content. I am using a GET Request to get updated nodes and output them to a static HTML Website. There is sensitive information and such on the Drupal Server, hence one of the reasons (although not my choice) to push it out to a static server. If anyone can see content on the Drupal server than this defeats the security of those sensitive pages. Perhaps though this is also an issue for Core regarding accessing Content, if you have multiple content types, why not be able to just set 'access content' permission for each content type, (i.e., access blog content). Thanks for considering this added feature in your future releases.
Comment #7
amitaibu@anarchman,
Maybe this module will help you - it allows you to set access per content type. http://drupal.org/project/content_access
Comment #8
coderintherye commentedAmitaibu,
Excellent, hadn't seen that before, I will give it a go tomorrow and see if it works for this situation.
Comment #9
brmassa commentedGuys,
fixed.
regards,
massa
Comment #10
Anonymous (not verified) commentedAutomatically closed -- issue fixed for two weeks with no activity.