REST File API Not Allowing Authenticated User To Write or Read Files

Hi,

I’m trying to use the REST API to upload files to my app. I have the user-token in the request header and permissions configured to allow my test user access but I get an error saying:

“Object {code: 4000, message: “User has no permissions to specified resource”}”

When I enable access for Unauthenticated Users, everything works fine.

I have the exact same user rights configured on some Data tables, and using the same REST call gives me access, no problem. Am I missing something unique on the File API?

Thanks.

Hi Leroy,

Maybe you have some permissions set directly on the directory? They can be found by clicking on the small lock icon in the actions column of the Files table. Or maybe this operation is restricted for the RestUser role (see Users → Security and Restrictions). Try to create another test user and see if this issue reproduces for a new user.

If all of these permissions are marked as granted, please provide us your App ID to investigate this issue.

Regards,
Stanislaw

Hi,

I’ve now tried all combinations of permissions and still can’t seem to get access. My application ID is:

C855FF23-D9F5-874A-FFC4-300F60B6C300.

I’m using the REST API and a typical request looks as follows:

    Request URL: https://api.backendless.com/C855FF23-D9F5-874A-FFC4-300F60B6C300/v1/files/TestFolder/TestFile
    Request Method: POST
    Status Code: 400 Bad Request
    Remote Address: 149.56.79.124:443

    Response Headers
    Connection: keep-alive
    Content-Length: 72
    Content-Type: application/json; charset=utf-8
    Date: Sun, 05 Feb 2017 15:35:39 GMT
    Server: nginx/1.8.1

    Request Headers
    Accept: */*
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en,en-ZA;q=0.8,en-GB;q=0.6
    application-id: C855FF23-D9F5-874A-FFC4-300F60B6C300
    application-type: REST
    Cache-Control: no-cache
    Connection: keep-alive
    Content-Length: 39534
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryrjyJWbDn9ipnvoK7
    Host: api.backendless.com
    Origin: http://evil.com/
    Pragma: no-cache
    Referer: http://192.168.1.247:8080/
    secret-key: 94605679-6788-57CD-FFC4-4AE4C8EDAF00
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
    user-token: 728419C3-4955-81CC-FF7D-34F53DEE0900

    Request Payload
    ------WebKitFormBoundaryrjyJWbDn9ipnvoK7
    Content-Disposition: form-data; name="file"; filename="response.pdf.pdf"
    Content-Type: application/pdf


    ------WebKitFormBoundaryrjyJWbDn9ipnvoK7--

Hi Leroy,

I created a test user in your app (you will see me - mark@backendless.com), logged in, got user token and ran the following request:

    curl -H application-id:C855FF23-D9F5-874A-FFC4-300F60B6C300 \
         -H secret-key:YOUR-REST-SECRET-KEY \
         -H user-token:C733238B-BEB0-E9E9-FFB6-82636BD7E200 \
         -H Content-Type:"multipart/form-data" \
         --form upload=@README.md \
         -X POST -v http://api.backendless.com/v1/files/TestFolder/TestFile

The file was uploaded just fine, you can see it at (must be fetched with a valid user-token):
https://api.backendless.com/c855ff23-d9f5-874a-ffc4-300f60b6c300/v1/files/TestFolder/TestFile

This confirms that the API works as documented.

Regards,
Mark

You can see the curl’s request/response headers at:
http://pastebin.com/qWtuWz7k

Thanks so much for the quick response. This helped me find a very stupid mistake in my code. Thanks again!