Working through this tutorial. I've created a buyer organization and buyer user buyer01, and I've added a product to the buyer's catalog. I'd like to see that buyer01 has access to that product.

When I obtain an authentication token using buyer01's credentials, and send GET to /v1/me, I get this back:
```json
{
  "Buyer": {
    "ID": "BUYER_ORGANIZATION",
    "DefaultCatalogID": "BUYER_ORGANIZATION"
  },
  "Supplier": null,
  "Seller": {
    "ID": "XXXXXXXXXXXXX"
  },
  "ID": "BUYER_USER",
  "CompanyID": "BUYER_ORGANIZATION",
  "Username": "buyer01",
  "Password": null,
  "FirstName": "Buyer",
  "LastName": "User",
  "Email": "buyer@email.com",
  "Phone": null,
  "TermsAccepted": null,
  "Active": true,
  "xp": null,
  "AvailableRoles": [
    "MeAdmin",
    "PasswordReset",
    "Shopper"
  ],
  "Locale": null,
  "DateCreated": "2022-12-21T00:43:53.507+00:00",
  "PasswordLastSetDate": "2022-12-21T00:43:53.543+00:00"
}
```
But when I try to see the products this user has access to, using GET /v1/me/products, I get this back:
```json
{
  "Errors": [
    {
      "ErrorCode": "Auth.InsufficientRoles",
      "Message": "User does not have role(s) required to perform this action.",
      "Data": {
        "RequiredRoles": [
          "Shopper"
        ],
        "AssignedRoles": [
          "MeAdmin",
          "PasswordReset"
        ]
      }
    }
  ]
}
```
Why does the first request show the `Shopper` role present, while the second shows it as missing?
I found the issue. When I requested the access token for buyer01, I left the "Scope" setting as it was for when I earlier requested an admin token, assuming that "Shopper" was in the documented scope setting for the admin01 user:

```
scope: "CatalogAdmin BuyerReader MeAdmin InventoryAdmin PasswordReset OrderAdmin PriceScheduleAdmin ProductAdmin ProductAssignmentAdmin ShipmentAdmin",
```

I see now that it doesn't have `Shopper`, so when I requested a new token with the documented scope setting for the buyer user, I was able to get a 200 response:

```
scope: "MeAdmin PasswordReset Shopper",
```
```json
{
  "Meta": {
    "Facets": [],
    "Page": 1,
    "PageSize": 20,
    "TotalCount": 0,
    "TotalPages": 0,
    "ItemRange": [
      1,
      0
    ],
    "NextPageKey": null
  },
  "Items": []
}
```
The tricky part is that even though the user permissions returned in the first request included "shopper", the access token I requested didn't include that in the scope, hence the 403.
The astute reader will note that I am still not seeing my products, however. I'll update my answer when I figure that part out.
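The scope-versus-available-roles distinction from the answer, as an added worked model (this is not OrderCloud's own code; the `ENDPOINT_ROLES` table and the rule that a token carries the requested scope intersected with the user's available roles are assumptions made for this illustration):

```python
"""Model of why a token's scope, not the user's AvailableRoles, gates an
endpoint. Constructed illustration, not OrderCloud's implementation."""
from __future__ import annotations

# Roles the buyer user may hold (from the /v1/me response in the question).
AVAILABLE_ROLES = {"MeAdmin", "PasswordReset", "Shopper"}

# The two scope strings from the answer: the admin one reused by mistake,
# and the documented buyer one.
ADMIN_SCOPE = ("CatalogAdmin BuyerReader MeAdmin InventoryAdmin PasswordReset "
               "OrderAdmin PriceScheduleAdmin ProductAdmin ProductAssignmentAdmin "
               "ShipmentAdmin")
BUYER_SCOPE = "MeAdmin PasswordReset Shopper"

# Assumed required roles per endpoint; /v1/me/products is taken from the
# RequiredRoles in the error payload, /v1/me is assumed to need none.
ENDPOINT_ROLES = {"GET /v1/me": set(), "GET /v1/me/products": {"Shopper"}}


def issue_token(requested_scope: str, available_roles: set[str]) -> set[str]:
    """Token roles = requested scope narrowed to what the user may hold.
    A role the user could have but did not request is NOT in the token."""
    return set(requested_scope.split()) & available_roles


def authorize(token_roles: set[str], endpoint: str) -> tuple[int, dict]:
    """Return (status, body) shaped like the responses in the question."""
    required = ENDPOINT_ROLES[endpoint]
    if not required - token_roles:
        return 200, {"Items": []}
    return 403, {"Errors": [{
        "ErrorCode": "Auth.InsufficientRoles",
        "Message": "User does not have role(s) required to perform this action.",
        "Data": {"RequiredRoles": sorted(required),
                 "AssignedRoles": sorted(token_roles)},
    }]}


def missing_from_scope(requested_scope: str, endpoint: str) -> set[str]:
    """Client-side pre-flight: which required roles would a token minted
    with this scope lack? An empty set means the call should succeed."""
    return ENDPOINT_ROLES[endpoint] - set(requested_scope.split())


if __name__ == "__main__":
    for scope in (ADMIN_SCOPE, BUYER_SCOPE):
        token = issue_token(scope, AVAILABLE_ROLES)
        status, body = authorize(token, "GET /v1/me/products")
        print(sorted(token), status, body.get("Errors", body))
```

Running it reproduces the 403 with `AssignedRoles: ["MeAdmin", "PasswordReset"]` for the admin scope and a 200 for the buyer scope, which is exactly the behaviour the answer describes.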