You are not permitted to access this resource.Function xxxx.api.... is not whitelisted

Frappe Framework Custom Script
1

i custom new app in frappe. i use postman test API and reviced error code

Blockquote

“exception”: “frappe.exceptions.PermissionError: You are not permitted to access this resource.Function it_asset_management.api.update_or_create_computer_activity is not whitelisted.”,
“exc_type”: “PermissionError”,

Blockquote
this is my api.py file

import frappe
from frappe import _

@frappe.whitelist()
def update_or_create_computer_activity():
    data = frappe.local.form_dict
    if not data:
        frappe.throw(_("No data received"))

    serial_number = data.get("serial_number")
    if not serial_number:
        frappe.throw(_("Serial number is required"))

    # Kiểm tra nếu tài sản đã tồn tại
    existing_log = frappe.get_all("Computer Activity Logs", filters={"serial_number": serial_number}, limit=1)
    if existing_log:
        # Cập nhật log hiện tại
        log = frappe.get_doc("Computer Activity Logs", existing_log[0].name)
        log.update({
            "last_update": data.get("last_update"),
            "ip_address": data.get("ip_address"),
            "mac_address": data.get("mac_address"),
            "computer_name": data.get("computer_name"),
            "computer_model": data.get("computer_model"),
            "branch": data.get("branch")
        })
        log.save()
        return {"message": "Log updated successfully", "log_name": log.name}
    else:
        # Tạo log mới
        log = frappe.get_doc({
            "doctype": "Computer Activity Logs",
            "serial_number": serial_number,
            "computer_name": data.get("computer_name"),
            "computer_model": data.get("computer_model"),
            "branch": data.get("branch"),
            "mac_address": data.get("mac_address"),
            "ip_address": data.get("ip_address"),
            "last_update": data.get("last_update")
        })
        log.insert()
        return {"message": "Log created successfully", "log_name": log.name}

and hook.py file

# hooks.py

override_whitelisted_methods = {
    "it_asset_management.api.update_or_create_computer_activity": "it_asset_management.api.update_or_create_computer_activity"
}

how to fix it.
Thank you

2

@biz1990 you overrode the same whitelist method.

1 Like
3

this is my custom module and i began learn write module for erpnext 15. Therforce, i write it follow guide on network. And this is my full hook.py file

app_name = "it_asset_management"
app_title = "IT Asset Management"
app_publisher = "IT"
app_description = "IT Asset Management"
app_email = "it@example.com"
app_license = "mit"
# required_apps = []
override_whitelisted_methods = {
    "it_asset_management.api.update_or_create_computer_activity": "it_asset_management.api.update_or_create_computer_activity"
}

please.

4

image
image1048×727 47.7 KB

1 Like
5

@biz1990 there is no need to override whitelist method.if you are doing this for only testing purpose add allow_guest=True in @frappe.whitelist(allow_guest=True)

1 Like
6

i use postman for test api. and i had add @frappe.whitelist(allow_guest=True) but it error as

 "exception": "frappe.exceptions.PermissionError",
    "exc_type": "PermissionError",
    "_exc_source": "it_asset_management (app)",
Insufficient Permission for Computer Activity Logs
7

show me your code after changed

1 Like
8

My api.py code

import frappe
from frappe import _

@frappe.whitelist(allow_guest=True)
def update_or_create_computer_activity():
    data = frappe.local.form_dict
    if not data:
        frappe.throw(_("No data received"))

    serial_number = data.get("serial_number")
    if not serial_number:
        frappe.throw(_("Serial number is required"))

    # Kiểm tra nếu tài sản đã tồn tại
    existing_log = frappe.get_all("Computer Activity Logs", filters={"serial_number": serial_number}, limit=1)
    if existing_log:
        # Cập nhật log hiện tại
        log = frappe.get_doc("Computer Activity Logs", existing_log[0].name)
        log.update({
            "last_update": data.get("last_update"),
            "ip_address": data.get("ip_address"),
            "mac_address": data.get("mac_address"),
            "computer_name": data.get("computer_name"),
            "computer_model": data.get("computer_model"),
            "manufacture": data.get("manufacture")
        })
        log.save()
        return {"message": "Log updated successfully", "log_name": log.name}
    else:
        # Tạo log mới
        log = frappe.get_doc({
            "doctype": "Computer Activity Logs",
            "serial_number": serial_number,
            "computer_name": data.get("computer_name"),
            "computer_model": data.get("computer_model"),
            "manufacture": data.get("manufacture"),
            "mac_address": data.get("mac_address"),
            "ip_address": data.get("ip_address"),
            "last_update": data.get("last_update")
        })
        log.insert()
        return {"message": "Log created successfully", "log_name": log.name}

and hook.py like above

9

log.save(ignore_permissions=True)
log.insert(ignore_permissions=True)

1 Like
10

This is responded after change code. it had success

{
    "message": {
        "message": "Log created successfully",
        "log_name": "9hskhi2a8d"
    }
}

but why use ignore_permissions=True

and i want to use authentication with api key and api values how can do it
Thank you

11

This scenario is different from authentication this is for doctype permission

1 Like
12

go to role permission for manager in serach list and apply permission for computer activity log

1 Like
13

i had set permission and rule but it still error

roleit
roleit1381×786 48.4 KB

and
role permit
role permit990×827 68.5 KB

"exception": "frappe.exceptions.PermissionError: You are not permitted to access this resource.Function it_asset_management.api.update_or_create_computer_activity is not whitelisted.",
    "exc_type": "PermissionError",

if i missing step or make wrong please show me how fix it.
please help me.
thank you very much

14

Remove override whitelist method from hooks py

1 Like
15

i deleted overwrite method but still error like that.

{
    "exception": "frappe.exceptions.PermissionError: You are not permitted to access this resource.Function it_asset_management.api.update_or_create_computer_activity is not whitelisted.",
    "exc_type": "PermissionError",
    "exc": "[\"Traceback (most recent call last):\\n  File \\\"apps/frappe/frappe/app.py\\\", line 114, in application\\n    response = frappe.api.handle(request)\\n               ^^^^^^^^^^^^^^^^^^^^^^^^^^\\n  File \\\"apps/frappe/frappe/api/__init__.py\\\", line 49, in handle\\n    data = endpoint(**arguments)\\n           ^^^^^^^^^^^^^^^^^^^^^\\n  File \\\"apps/frappe/frappe/api/v1.py\\\", line 36, in handle_rpc_call\\n    return frappe.handler.handle()\\n           ^^^^^^^^^^^^^^^^^^^^^^^\\n  File \\\"apps/frappe/frappe/handler.py\\\", line 49, in handle\\n    data = execute_cmd(cmd)\\n           ^^^^^^^^^^^^^^^^\\n  File \\\"apps/frappe/frappe/handler.py\\\", line 82, in execute_cmd\\n    is_whitelisted(method)\\n  File \\\"apps/frappe/frappe/__init__.py\\\", line 900, in is_whitelisted\\n    throw(msg, PermissionError, title=_(\\\"Method Not Allowed\\\"))\\n  File \\\"apps/frappe/frappe/__init__.py\\\", line 645, in throw\\n    msgprint(\\n  File \\\"apps/frappe/frappe/__init__.py\\\", line 610, in msgprint\\n    _raise_exception()\\n  File \\\"apps/frappe/frappe/__init__.py\\\", line 561, in _raise_exception\\n    raise exc\\nfrappe.exceptions.PermissionError: You are not permitted to access this resource.Function it_asset_management.api.update_or_create_computer_activity is not whitelisted.\\n\"]",
    "_server_messages": "[\"{\\\"message\\\": \\\"<details><summary>You are not permitted to access this resource.</summary>Function <strong>it_asset_management.api.update_or_create_computer_activity</strong> is not whitelisted.</details>\\\", \\\"title\\\": \\\"Method Not Allowed\\\", \\\"indicator\\\": \\\"red\\\", \\\"raise_exception\\\": 1, \\\"__frappe_exc_id\\\": \\\"4f8049afef4f76e5d123e5d9ac2ef36b2d837085e8483780db2085d3\\\"}\"]"
}

please .

16

show me your code

1 Like
17

This is hook.py

app_name = "it_asset_management"
app_title = "IT Asset Management"
app_publisher = "IT"
app_description = "IT Asset Management"
app_email = "it@example.com"
app_license = "mit"
# required_apps = []

# Includes in <head>
# ------------------

# include js, css files in header of desk.html
# app_include_css = "/assets/it_asset_management/css/it_asset_management.css"
# app_include_js = "/assets/it_asset_management/js/it_asset_management.js"

and api.py

import frappe
from frappe import _

@frappe.whitelist()
def update_or_create_computer_activity():
    data = frappe.local.form_dict
    if not data:
        frappe.throw(_("No data received"))

    serial_number = data.get("serial_number")
    if not serial_number:
        frappe.throw(_("Serial number is required"))

    # Kiểm tra nếu tài sản đã tồn tại
    existing_log = frappe.get_all("Computer Activity Logs", filters={"serial_number": serial_number}, limit=1)
    if existing_log:
        # Cập nhật log hiện tại
        log = frappe.get_doc("Computer Activity Logs", existing_log[0].name)
        log.update({
            "last_update": data.get("last_update"),
            "ip_address": data.get("ip_address"),
            "mac_address": data.get("mac_address"),
            "computer_name": data.get("computer_name"),
            "computer_model": data.get("computer_model"),
            "manufacture": data.get("manufacture")
        })
        log.save()
        return {"message": "Log updated successfully", "log_name": log.name}
    else:
        # Tạo log mới
        log = frappe.get_doc({
            "doctype": "Computer Activity Logs",
            "serial_number": serial_number,
            "computer_name": data.get("computer_name"),
            "computer_model": data.get("computer_model"),
            "manufacture": data.get("manufacture"),
            "mac_address": data.get("mac_address"),
            "ip_address": data.get("ip_address"),
            "last_update": data.get("last_update")
        })
        log.insert()
        return {"message": "Log created successfully", "log_name": log.name}

error when use postman using POST

"exception": "frappe.exceptions.PermissionError: You are not permitted to access this resource.Function it_asset_management.api.update_or_create_computer_activity is not whitelisted.",
    "exc_type": "PermissionError",
    "exc": "[\"Traceback (most recent call last):\\n  File \\\"apps/frappe/frappe/app.py\\\", line 114, in application\\n    response = frappe.api.handle(request)\\n

JSON data

{
    "computer_name": "MyComputer",
    "serial_number": "1234567890",
    "computer_model": "Dell XPS",
    "manufacture": "Main Office",
    "mac_address": "00:1A:2B:3C:4D:5E",
    "ip_address": "192.168.1.100",
    "last_update": "2024-07-18 14:00:00"
}

this is doctype

{
 "actions": [],
 "allow_rename": 1,
 "creation": "2024-07-25 12:22:12.088010",
 "doctype": "DocType",
 "engine": "InnoDB",
 "field_order": [
  "computer_infomation_section",
  "computer_name",
  "column_break_xfmf",
  "serial_number",
  "column_break_yodw",
  "computer_model",
  "column_break_gsnn",
  "manufacture",
  "section_break_ntex",
  "mac_address",
  "column_break_ocas",
  "ip_address",
  "column_break_wvsk",
  "lasted_update"
 ],
 "fields": [
  {
   "fieldname": "computer_infomation_section",
   "fieldtype": "Section Break",
   "label": "Computer Infomation"
  },
  {
   "fieldname": "computer_name",
   "fieldtype": "Data",
   "label": "Computer Name"
  },
  {
   "fieldname": "column_break_xfmf",
   "fieldtype": "Column Break"
  },
  {
   "fieldname": "serial_number",
   "fieldtype": "Data",
   "in_list_view": 1,
   "label": "Serial number",
   "reqd": 1
  },
  {
   "fieldname": "column_break_yodw",
   "fieldtype": "Column Break"
  },
  {
   "fieldname": "computer_model",
   "fieldtype": "Data",
   "label": "Computer Model"
  },
  {
   "fieldname": "column_break_gsnn",
   "fieldtype": "Column Break"
  },
  {
   "fieldname": "manufacture",
   "fieldtype": "Data",
   "label": "Manufacture"
  },
  {
   "fieldname": "section_break_ntex",
   "fieldtype": "Section Break"
  },
  {
   "fieldname": "mac_address",
   "fieldtype": "Data",
   "label": "Mac Address"
  },
  {
   "fieldname": "column_break_ocas",
   "fieldtype": "Column Break"
  },
  {
   "fieldname": "ip_address",
   "fieldtype": "Data",
   "label": "IP Address"
  },
  {
   "fieldname": "column_break_wvsk",
   "fieldtype": "Column Break"
  },
  {
   "fieldname": "lasted_update",
   "fieldtype": "Datetime",
   "label": "Lasted Update"
  }
 ],
 "index_web_pages_for_search": 1,
 "links": [],
 "modified": "2024-07-25 12:32:14.915183",
 "modified_by": "Administrator",
 "module": "IT Asset Management",
 "name": "Computer Activity Logs",
 "owner": "Administrator",
 "permissions": [
  {
   "create": 1,
   "delete": 1,
   "email": 1,
   "export": 1,
   "print": 1,
   "read": 1,
   "report": 1,
   "role": "System Manager",
   "share": 1,
   "write": 1
  }
 ],
 "sort_field": "modified",
 "sort_order": "DESC",
 "states": []
}

thank you.

18

@biz allow_guest has been removed, you’ll need to login in to the site using login api of frappe in Postman first

1 Like
19

@frappe.whitelist(allow_guest=true)
use this in your code then it will work on the api

1 Like
20

this is my method in postman

Screenshot 2024-07-26 112837
Screenshot 2024-07-26 112837845×716 56.7 KB

Screenshot 2024-07-26 112822
Screenshot 2024-07-26 112822864×680 61.7 KB

Screenshot 2024-07-26 112805
Screenshot 2024-07-26 112805814×661 55.4 KB

i use api authentication but it not pass.
please help me
thank you