Forum Discussion
Changed the code in my endpoint to test different scenarios:
1:
<#assign session_key = restadmin("/authentication/sessions/login?user.login=<user>&user.password=<pw>").value/>
<#assign result_send = rest("/boards/id/001/messages/post/?restapi.session_key=${session_key}&message.author=/users/login/sys-admin&message.subject=test&message.body=test")/>
2:
<#assign session_key = restadmin("/authentication/sessions/login?user.login=sys-admin&user.password=LittlePinkPig").value/>
<#assign result_send = rest("/boards/id/001/messages/post/?restapi.session_key=${session_key}&message.subject=test&message.body=test")/>
Open the endpoint without logging in any user:
1. Error 403
2. Error 403
Open the endpoint logged in on an admin account:
1. gets posted as a regular user
2. gets posted by the admin account
Open the endpoint logged in as a regular user: they both error out with a 500
PerBonomi Give it a shot with restadmin. It would work even in the logged-out case.
In your case the session id does not impact anything.
1. You are passing the user login, so it is posted by a normal user. It would work in the same way even if you remove the session id.
2. It is posted by admin as you did not pass any user login/id.
You can use this endpoint as well; no need for any type of session generation, you just need to pass the user id directly.
<#-- Read subject and body from the request, falling back to defaults -->
<#assign escalatesubject = http.request.parameters.name.get("escalatesubject","Here is subject")>
<#assign escalatebody = http.request.parameters.name.get("escalatebody","Here is body")>
<#assign userid = 100 />
<#-- Post as the given user id via restadmin; no session key is generated -->
<#assign addPost = restadmin("/boards/id/001/messages/post?message.subject=${escalatesubject?url}&message.body=${escalatebody?url}&message.author=/users/id/${userid}") />
- PerBonomi, 8 years ago, Boss
Hey thanks for that. Using the API for other things isn't an issue, I just thought I'd do kind of an AB test to make sure the way I generate the session key is correct :)
- TariqHussain, 8 years ago, Boss
PerBonomi - As I mentioned above, there is no issue in your code. The session key doesn't seem to be working in an endpoint, even though it is being generated correctly.
Even though you have generated the session key for the admin user, the second rest call is not accepting the session key, which makes the rest call run without the context of any user and throw a 403 issue.
- PerBonomi, 8 years ago, Boss
Oh, I believed you from the start, don't get me wrong; I've seen you and your great solutions around long enough.
But if you've ever tried to convince Lithium support of your plight, you know you need to do extra testing, troubleshooting and show incontrovertible proof of your issue :)