vTiger web services: Permission to perform the operation is denied for query

Question

I'm using the vTiger web services to retreive an array of VtigerObjects containing my contacts using a query. I am following the instructions given here:

https://wiki.vtiger.com/index.php/Webservices_tutorials

So far I'm getting a challenge token which I can use to login, so that's working.. But from the moment i'm trying to get data with a query I get the following error:

"Permission to perform the operation is denied for query"

I'm the administrator, so I should have all the permissions, right? Here's my code, I hope someone can help me?

$username = 'xxxxxxxxxx';
$userAccessKey = 'xXxXxXxXxXxXxX';

//Create HTTP Client and set url and parameters
$client = new Zend_Http_Client();
$client->setUri('https://example.com/webservice.php');
$client->setParameterGet(array(
    'operation' => 'getchallenge', 
    'username' => $username
));

// Get Response (and decode)
$response = $client->request('GET');
$jsonResponse = Zend_Json::decode($response->getBody());

// Check if operation was successful
if ($jsonResponse['success'] == false)
    die('getchallenge failed:'.$jsonResponse['error']['errorMsg']);

// Get token from response
$challengeToken = $jsonResponse['result']['token'];


//create md5 string concatenating user accesskey from my preference page 
//and the challenge token obtained from get challenge result. 
$generatedKey = md5($challengeToken.$userAccessKey);

//Create HTTP Client and set url and parameters
$client->setUri('https://example.com/webservice.php');
$client->setParameterPost(array(
    'operation' => 'login',
    'username' => $username,
    'accessKey' => $generatedKey
), true);

// Get Response (and decode)
$response = $client->request('POST');
$jsonResponse = Zend_JSON::decode($response->getBody());

// Check if operation was successful
if($jsonResponse['success']==false)
    die('login failed:'.$jsonResponse['error']['errorMsg']);

$session = $jsonResponse['result']['sessionName'];


// Query to select contacts
$query = "select * from contacts";

// Urlencode the query
$encodedQuery = urlencode($query);

//Create HTTP Client and set url and parameters
$client->setUri('https://example.com/webservice.php');
$client->setParameterGet(array(
    'operation' => 'query',
    'sessionName' => $session,
    'query' => $encodedQuery
));

// Get Response (and decode)
$response = $client->request('GET');
$jsonResponse = Zend_JSON::decode($response->getBody());

// Check if operation was successful
if($jsonResponse['success']==false)
    die('query failed:'.$jsonResponse['errorMsg']);

// Return contacts
$retrievedObjects = $jsonResponse['result'];

Answer 1

Don't encode your query, just do this:

// Query to select contacts
$query = "select * from Contacts";

//Create HTTP Client and set url and parameters
$client->setUri('https://example.com/webservice.php');
$client->setParameterGet(array(
    'operation' => 'query',
    'sessionName' => $session,
    'query' => $query
));

I guess the official documentation for vTiger Web Services is wrong..

Answer 2

my this code is working fine use this

<?php

function call($url, $params, $type = "GET") {
    $is_post = 0;
    if ($type == "POST") {
        $is_post = 1;
        $post_data = $params;
    } else {
        $url = $url . "?" . http_build_query($params);
    }
    $ch = curl_init($url);
    if (!$ch) {
        die("Cannot allocate a new PHP-CURL handle");
    }
    if ($is_post) {
        curl_setopt($ch, CURLOPT_POST, $is_post);
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
    }

    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $data = curl_exec($ch);

    $return = null;
    if (curl_error($ch)) {
        $return = false;
    } else {
        $return = json_decode($data, true);
    }

    curl_close($ch);

    return $return;
}

$endpointUrl = 'http://url/vtigercrm/webservice.php';
$userName = 'admin';
$userAccessKey = 'dsddsdsdsds';

$sessionData = call($endpointUrl, array("operation" => "getchallenge", "username" => $userName));
$challengeToken = $sessionData['result']['token'];
$generatedKey = md5($challengeToken . $userAccessKey);
$dataDetails = call($endpointUrl, array("operation" => "login", "username" => $userName, "accessKey" => $generatedKey), "POST");

$query = "SELECT * FROM Contacts WHERE cf_771='ajay' and cf_781='ajay';";
$queryParam = urldecode($query);

$sessionid = $dataDetails['result']['sessionName'];
$getUserDetail = call($endpointUrl, array("operation" => "query", "sessionName" => $sessionid, 'query' => $query));
echo "<pre>";
print_r($getUserDetail);
echo "</pre>";
if (!empty($getUserDetail['result'])) {
    echo "success!!!!";
} else {
    echo "fail!!!!";
}
?>

Answer 3

Having struggled with this using httpful I eventually realised that in that case you do need to encode the query, thus:

// vTiger: GET Query
// http://vtiger_url/webservice.php?operation=query&sessionName=[session id]&query=[query string] 

$query = urlencode("SELECT * FROM Leads;");
$uri = $vTiger_uri . "?operation=query&sessionName=" . $sessionName . "&query=" . $query;
$response_j = \Httpful\Request::get($uri)->send();

$response = json_decode($response_j, true);

echo "<p>Query: " . $query . "</p>";
echo "<pre>";
print_r($response);
echo "</pre>";