Fresh Drupal, Fresh Services install -> Services browser always returns "authentication failed: 1"
| Project: | Services |
| Version: | 6.x-2.x-dev |
| Component: | Code |
| Category: | support request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | won't fix |
Jump to:
In need to create a Web API, I learned of the Services module, and started following along with Scott in these videos http://drupal.org/node/318801
After doing a fresh install of Drupal, and installing the 6.x-2.x-dev version of Services I tried doing the same thing Scott demonstrated with his fresh install:
1) activate the Services, XMLRPC Server and Node Service modules
2) give permissions to both anonymous & authenticated user for node_service module
3) give permissions to authenticated user for services module
4) go to admin/build/services/settings, see there's nothing to set ("No authorization modules have been installed")
5) go to admin/build/services, select "node.get", enter "1" as my node id (yes, I have a node with an id of one)
...and I always get "authentication failed: 1"
Spent hours reading documentation, viewing additional videos, trying different node ids... is what I'm doing wrong? this is the most basic test, and it fails... help?!
#1
Your issue is step 4 an authneciation module needs to be enabled.
#2
would that be the "Key Authentication" module that comes with Services, or something else, such as ACL (http://drupal.org/project/acl) ?
I tried enabling the Key Authentication module, but was unsure how to specify the keys or other info from the Services browser...
#3
It is the key authenication module. If you want open services just disable uses keys and uses sessions, then you will be able to operate as per services 6.x-1 which maybe what Scott demoed against (as that version didn't seperate authenication out to a seperate module)
#4
Perfect!
Thank you so much, Marc!
#5
#6
I had the same problem with 'session id' as athentication method.
I tracked the problem down to function node_service_get_access() which checks the permission 'load any node data' while in my drupal installation it's called 'load node data'.
In addition, 'administer nodes' should include the permission to get the node, so how about:
<?phpfunction node_service_get_access($nid) {
global $user;
$node = node_load($nid);
return ($node->uid == $user->uid and user_access('load own node data')) or
($node->uid != $user->uid and (
user_access('load node data') or user_access('administer nodes')));
}
?>
I can also send you a patch if you want.
#7
Head code is as follows:
<?phpfunction node_service_get_access($nid) {
global $user;
$node = node_load($nid);
return (node_access('view', $node) && user_access('load node data'));
}
?>
So the correct permission is being checked. With regards the rest of the permission changes this is a won't fix as it doesn't make sense to use adminster permission simply because it isn't required. Effectively we are loading a node for viewing and as we do a view access check the system is combined with additional access modules eg acl and content access.