Remote permission bug?

Discussion in 'General' started by jesucarr, Mar 8, 2012.

  1. jesucarr

    jesucarr New Member

    I'm getting this error when trying to execute domains_get_all_by_user:

    Uncaught SoapFault exception: [permission_denied] You do not have the permissions to access this function.

    My ISPconfig is 3.0.4.3, the remote user has all the permissions checked in the admin area, and all the other functions work perfectly.

    I'm running out of ideas, am I missing something? is it possible that it is a bug?
     
  2. till

    till Super Moderator

    I've checked that in SVN stable and all permissions are listed there. Check the file /usr/local/ispconfig/interface/web/domain/lib/remote.conf.php, the function domains_get_all_by_user should be listed there. If not, add it. Afterwards edit the remote_user and add the domain permissions again.
     
  3. jesucarr

    jesucarr New Member

    Yes, the function is listed there, then I went to the remote user and uncheck/save/check/save all the permissions, in case it needed some kind of refresh. Still same error. I guess the user (who I want the domains list) doesn't need any special permissions...
     
  4. till

    till Super Moderator

    Check the remote_user recordin the mysql database of the user that you use to connect to the server to see if it contains "domains_get_all_by_user" in the remote functions field.

    Another possibility is that you have not been logged into the remote system before you executed the function or that you passed a wrong session id.
     
  5. jesucarr

    jesucarr New Member

    Bingo! that was the bug. That function was missing in the database, I added it, and now it has permissions. However, the result is an empty array, no matter what user id I use. Any ideas where is the problem?
     
  6. till

    till Super Moderator

    The function requires a numerical groupid as parameter (see description in remote api docs) and not a username or userid.
     
  7. jesucarr

    jesucarr New Member

    I think I'm using the correct group id, but digging a bit deeper, I realised that the "domain" table is empty, and apparently domains_get_all_by_user queries that table, right? do I have a misconfiguration somewhere?
     
  8. till

    till Super Moderator

    The function you use lists the domains of the domain module and not the websites. I guess you mixed these two functions up. This would also explain why you did not had the permission for this function as the permission is only available after you enabled the domain module under system > interface config and enabling the domain module for the admin user under system > cp users (relogin after you did that).

    To get all websites by sysstem group (e.g. group 1), you use this function:

    Code:
    sites_web_domain_get($session_id, array('sys_groupid' => 1))
     
  9. jesucarr

    jesucarr New Member

    riiiight! that was it! working now. Thanks a lot for your help.

    Now, I'm puting the sys_groupid manually, is there a way to get it using the client id?
     
  10. till

    till Super Moderator

    The groupid is connected to the client_id directly, every client ahs its own group. You can see this e.g. in sys_group table. But we will add the client_id as selector for api functions soon.
     
  11. domains_get_all_by_user

    Guys, same issue, but I'm actually looking for a list of domain names registered by a client, not websites or web domains.

    So I should get an array of domains back when using domains_get_all_by_user with the session_id and client_id. But it returns an empty array because the mysql table domain is empty. All the domains are listed in dns_soa as origin.

    Is this right? Is the domain table not used yet? I'm hosting 53 domains in this ISPConfig multiserver install using a dedicated dns as N1 and a mirror dedicated dns as N2.

    Thanks
     
  12. till

    till Super Moderator

    Yes, thats correct. The domain table are the client domin limits and not the domains of the user. The domain tabl is only used when you enabled the domain limits under system > interface config. The dns_soa table re the dns zones. If you want to query th dns zones, thn use the dns zone functions of the remote api.
     
  13. Thanks Till.

    Is there a specific function for returning all dns zones under a specific client_id? The only ones I see are these for dealing with overall DNS zones:

    public function dns_zone_get($session_id, $primary_id)

    public function dns_zone_get_id($session_id, $origin)

    public function dns_zone_add($session_id, $client_id, $params)

    public function dns_zone_update($session_id, $client_id, $primary_id, $params)

    public function dns_zone_delete($session_id, $primary_id)

    Doesn't seem to be anything to fetch all zones by $session_id and $client_id.
     
  14. till

    till Super Moderator

    Either you use:

    dns_zone_get_by_user($session_id, $client_id, $server_id)

    or you fetch them by their group id like this:

    dns_zone_get($session_id, array('sys_groupid' => 123));

    all *_get functions can seach for reacords when you pass a array as primary_id which contains the search field and the value that you search for.
     
  15. follow up question

    Can you commit more than one action per session?

    $sysname['sysname'] is the ISPConfig username where I relate my application with ISPConfig.

    Here's my code:

    $zone_serial = date("Ymd").'01';
    require('../../functions/ispc.php');
    $client = new SoapClient(null, array('location' => $soap_location,'uri'=>$soap_uri,'trace' => 1,'exceptions' => 1));
    try {
    $session_id = $client->login($username,$password);
    $client = $client->client_get($session_id, array('username' => $sysname['sysname']));
    $client_id = $client[0]['client_id'];
    //Insert zone
    $zone_params = array(
    'server_id' => 2,
    'origin' => $domain['domain'].'.',
    'ns' => 'ns1.'.$domain['domain'].'.',
    'mbox' => 'webmaster.'.$domain['domain'].'.',
    'serial' => $zone_serial,
    'refresh' => '28800',
    'retry' => '7200',
    'expire' => '604800',
    'minimum' => '86400',
    'ttl' => '86400',
    'active' => 'y',
    'xfer' => '',
    'also_notify' => '',
    'update_acl' => '',
    );
    $zone_id = $client->dns_zone_add($session_id, $client_id, $zone_params);
    //print_r($zone_id);

    $ns_params = array(
    'server_id' => 2,
    'zone' => $zone_id,
    'name' => 'ns1',
    'type' => 'ns',
    'data' => 'ns1',
    'aux' => '0',
    'ttl' => '86400',
    'active' => 'y',
    'stamp' => 'CURRENT_TIMESTAMP',
    'serial' => '1',
    );
    $ns_id = $client->dns_ns_add($session_id, $client_id, $ns_params);
    //echo "Client: ".$affected_rows."<br>";
    $client->logout($session_id);
    }
    catch (SoapFault $e) {
    echo $client->__getLastResponse();
    die('SOAP Error: '.$e->getMessage());
    }

    Or do I need to break up each action with its own session? The above doesn't insert my new domain zone and likewise, the ns record isn't created.

    Thanks!

    EDIT: Wait, I think I see where I reassigned $client a new value... might've solved my own dumb problem.
     
    Last edited: Jan 31, 2014
  16. Nevermind

    Answered my own question... multiple actions can be done per session, as long as I don't accidentally write over my $client value...

    Thanks!
     
  17. till

    till Super Moderator

    A session can be used for multiple actions. It times out after 600 seconds inactivity or when yu clode the session explicitly by calling the logout function.
     

Share This Page