Getting Permissions error while making auth api call or any whitelisted method api call

Hi Everyone, I am trying to call the API for the get_logged_user (/api/method/frappe.auth.get_logged_user) but getting an issue that is

{
    "exc_type": "PermissionError",
    "exception": "frappe.exceptions.PermissionError: <details><summary>You are not permitted to access this resource.</summary>Function <strong>frappe.auth.get_logged_user</strong> is not whitelisted.</details>",
    "exc": "[\"Traceback (most recent call last):\\n  File \\\"apps/frappe/frappe/app.py\\\", line 94, in application\\n    response = frappe.api.handle()\\n  File \\\"apps/frappe/frappe/api.py\\\", line 54, in handle\\n    return frappe.handler.handle()\\n  File \\\"apps/frappe/frappe/handler.py\\\", line 47, in handle\\n    data = execute_cmd(cmd)\\n  File \\\"apps/frappe/frappe/handler.py\\\", line 82, in execute_cmd\\n    is_whitelisted(method)\\n  File \\\"apps/frappe/frappe/__init__.py\\\", line 781, in is_whitelisted\\n    throw(msg, PermissionError, title=\\\"Method Not Allowed\\\")\\n  File \\\"apps/frappe/frappe/__init__.py\\\", line 534, in throw\\n    msgprint(\\n  File \\\"apps/frappe/frappe/__init__.py\\\", line 502, in msgprint\\n    _raise_exception()\\n  File \\\"apps/frappe/frappe/__init__.py\\\", line 451, in _raise_exception\\n    raise raise_exception(msg)\\nfrappe.exceptions.PermissionError: <details><summary>You are not permitted to access this resource.</summary>Function <strong>frappe.auth.get_logged_user</strong> is not whitelisted.</details>\\n\"]",
    "_server_messages": "[\"{\\\"message\\\": \\\"<details><summary>You are not permitted to access this resource.</summary>Function <strong>frappe.auth.get_logged_user</strong> is not whitelisted.</details>\\\", \\\"title\\\": \\\"Method Not Allowed\\\", \\\"indicator\\\": \\\"red\\\", \\\"raise_exception\\\": 1}\"]"
}

In Postman I added the “Authorization: token api_key:api_secret” in headers of the administrator. But still getting this error.

Can anyone help me to resolve that issue?


I found that there were no permissions for the “All” role for the user module.
So, I enabled all permissions for the “All” and the issue has been resolved.

I am having the same problem… but don’t see an ‘All’ role. Also, not sure I want to give that to all ‘backend’ users? I can’t even get the ‘admin’ user to access the ‘/api/method/frappe.auth.get_logged_user’ method with header “Authorization = token <api_key>:<api_secret>”. Also does not work as base64 and Bearer. But I can login with ‘/api/method/login’ using params usr and pwd. But then I have to track SID in a cookie.

@Colin_Vander_Veen Did you manage to find a solution around this? I’m having this issue as well, but it’s surprising that this issue is not getting much coverage. Does nobody not use the API Token and Secret at all? :sweat_smile:

I have no issues with the login with ‘/api/method/login’ using params usr and pwd method at all. Same as you.

But for using the API key and secret, nobody whether I encode it or don’t encode it, using “Basic” or “token” nothing works.