Customer Role Issue In API

opencartcity · March 15, 2020, 10:27am

Hello,
We are trying to use your API but getting the error. So we are mentioning the CURL request and error response. So please check it and let us know the issue.

$curl = curl_init();

curl_setopt_array($curl, array(
CURLOPT_URL => "https://demo.erpnext.com/api/resource/Customer",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_HTTPHEADER => array(
"Authorization: Token demo:demo",
"Content-Type: application/json",
"Accept: application/json"
),
));

$result = json_decode(curl_exec($curl), 1);

$err = curl_error($curl);

curl_close($curl);

[exc] => ["Traceback (most recent call last):\n File \"/home/frappe/benches/bench-version-12-2020-02-24/apps/frappe/frappe/app.py\", line 60, in application\n response = frappe.api.handle()\n File \"/home/frappe/benches/bench-version-12-2020-02-24/apps/frappe/frappe/api.py\", line 120, in handle\n doctype, **frappe.local.form_dict)})\n File \"/home/frappe/benches/bench-version-12-2020-02-24/apps/frappe/frappe/__init__.py\", line 1051, in call\n return fn(*args, **newargs)\n File \"/home/frappe/benches/bench-version-12-2020-02-24/apps/frappe/frappe/client.py\", line 35, in get_list\n limit_start=limit_start, limit_page_length=limit_page_length, ignore_permissions=False)\n File \"/home/frappe/benches/bench-version-12-2020-02-24/apps/frappe/frappe/__init__.py\", line 1287, in get_list\n return frappe.model.db_query.DatabaseQuery(doctype).execute(None, *args, **kwargs)\n File \"/home/frappe/benches/bench-version-12-2020-02-24/apps/frappe/frappe/model/db_query.py\", line 43, in execute\n raise frappe.PermissionError(self.doctype)\nfrappe.exceptions.PermissionError: Customer\n"]
[_server_messages] => ["{\"message\": \"User Guest does not have doctype access via role permission for document Customer\"}"]
[_error_message] => Insufficient Permission for Customer

Thanks!

root13F · March 15, 2020, 12:04pm

The user named Guest lacks a role that has permissions for reading the doctype Customer. Hence login into ERPNext, allot this user a role that has Read permissions on Customer doctype and you should be able to try a GET again.

opencartcity · March 15, 2020, 1:58pm

There is no user ‘guest’. There is only one system user. So please let us know in detail.

yashodhan · March 15, 2020, 9:47pm

Guest is inbuilt user with limited permissions such as website visitor is guest who have not authenticated yet.

So when you are using API, Admin user or any user for which you have enabled API access must have access role / rights assigned before the user make request to any resource using API.

Please check if you are able to authenticate first using that user which has API access enabled in Frappe/ERPNext.

Then find out if that user is other than Administrator, then does user have necessary access role or permission set.
If no role/permission then create it first for that user and then try again using API.

opencartcity · March 16, 2020, 5:47am

We have tried the API api/method/login and got the success response but when trying to use /api/resource/Customer, getting the same response. So my question is, how can we change the guest user to admin user while calling this API?

opencartcity · March 19, 2020, 10:04am

Any update?

root13F · March 19, 2020, 3:34pm

You can’t change the guest user to admin user. Make a new user with roles for the doctyoes you want. And user that user to login and perform operations

yashodhan · March 19, 2020, 5:09pm

Checkout

iMoshi · June 16, 2022, 3:50am

How can we get_list Website Items without any session? We’re trying different things and this came as one of the requirements. Do we have to create a user and generate API keys for our 3rd party software to list public items such as website items?