403 error for api calls from non-admin users


    I am trying to set up EspoCRM. Everything seemed to be working fine until I tried it with another (non-admin) user.

    I am getting a 403 error; when I promote the user to admin, everything can be changed.

    The log message:
    [2017-01-24 20:38:15] Espo.ERROR: API [POST]:/:controller, Params:Array ( [controller] => Case ) , InputData: {"status":"New","priority":"Normal","type":"","teamsIds":["58865e5c7d5fc714f"],"teamsNames":{"58865e5c7d5fc714f":"Technische Commissie"},"name":"test","accountName":null,"accountId":null,"contactsIds":[],"contactsNames":{},"description":""} - [] []
    [2017-01-24 20:38:15] Espo.ERROR: Display Error: , Code: 403 URL: /crm/api/v1/Case [] []
    I already tried all steps on this page:

    My apache2.conf:
    <Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
    </Directory>

    <Directory /usr/share>
        AllowOverride None
        Require all granted
    </Directory>

    <Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>

    <Directory /var/www/html/crm/>
        AllowOverride All
        <Limit GET POST PUT DELETE HEAD OPTIONS PATCH>
            Order allow,deny
            Allow from all
        </Limit>
    </Directory>

    Is there something I missed?

    In the attachments a screenshot from the roles is attached. I don't know why the field level for group and email accounts is set to 'no'. I can't seem to find a way to set these to yes.

  • #2

    Possibly you get this error because of a bad assignment permission (or the disabling of Users and Teams).


    • #3

      Thanks for the answer. All users and teams are enabled at this moment. How can I do a 'good' assignment of the permissions?

      At this moment I have:
      - A role 'Technische Commissie' (the screenshot from the first post shows the permissions for that role)
      - A team called 'Technische Commissie', the role 'Technische Commissie' is assigned to this team
      - A user, let's call him Member A, which is added to the team 'Technische Commissie'

      All permissions 'seem' to be correctly added to the user. But still he can't create new cases, mails etc.


      • #4

        Have you tried clearing all the caches?
        Administration->System->Clear Cache, Administration->System->Rebuild and Local cache


        • #5
          I did try to clear the cache, but not the rebuild. Tried it now, but still no luck.


          • #6
            Maybe check Administration->Users->"Current user" to verify there's not a conflict.


            • #7
              Hi Dafnie, thanks for your answer.

              But what do you mean? I checked the settings for my own account (the current user), and I have all the permissions (I am the admin). I can't find a conflict, but I am not exactly sure what you mean with a conflict, to be honest.


              • #8

                I got it working. I duplicated the user, and tried it with the new user. Now it works. Don't ask me why, but probably something got messed up in the database.

                Thanks for the answers!


                • #9
                  Hi All,

                  I think I have exactly the same issue now.
                  With API users as well as normal users. (I did not try it with Admin user because I need to separate things by teams/roles)
                  Current version: 5.6.14

                  Error in the logs:
                  [2019-11-07 14:48:42] Espo.DEBUG: API (403) GET /api/v1/lead/5dc13233eca9c4930; Route pattern: /:controller/:id; Route params: Array ( [controller] => lead [id] => 5dc13233eca9c4930 ) [] []

                  POST requests also do not work, obviously, because no new Leads are created. (Interesting: I was not able to find a log line for this, and the system is on DEBUG loglevel.)

                  The interesting thing is, if I delete the user and re-create it, with the exact same roles and teams setup, it works again, but after a few days it stops again.
                  As I see it always stops at 01:00 AM.

                  Please any help would be appreciated.

                  Until the final solution, I am deleting then keep re-creating the user but this is not the best way to fix it.
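
Added example, not part of the original thread: a small Python parser for the two Espo log line shapes quoted in the posts above. It lists the first 403 of each day and counts denials per entity, so the "always stops at 01:00 AM" observation can be checked against the log. The function names are hypothetical and the sample lines are constructed (the 01:00:03 timestamp and the shape of the 200 line are assumptions).

```python
import re
from collections import defaultdict
from datetime import datetime

# The two line shapes quoted in this thread: 5.6.x DEBUG and the 2017 ERROR form.
TS = r"\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] Espo\.\w+: "
PATTERNS = [
    re.compile(TS + r"API \((?P<code>\d{3})\) (?P<method>[A-Z]+) (?P<path>\S+);"),
    re.compile(TS + r"Display Error: .*?Code: (?P<code>\d{3}) URL: (?P<path>\S+)"),
]

def parse_denials(lines, status="403"):
    """Return (timestamp, method or None, path) for each line with this status."""
    events = []
    for line in lines:
        for pat in PATTERNS:
            m = pat.search(line)
            if m and m.group("code") == status:
                ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
                events.append((ts, m.groupdict().get("method"), m.group("path")))
                break
    return events

def first_denial_per_day(events):
    """Map each date to the time of its earliest denial (shows a fixed start hour)."""
    first = {}
    for ts, _, _ in sorted(events, key=lambda e: e[0]):
        first.setdefault(ts.date().isoformat(), ts.strftime("%H:%M:%S"))
    return first

def denials_by_entity(events):
    """Count denials per entity: the path segment after /api/v1/, lower-cased."""
    counts = defaultdict(int)
    for _, _, path in events:
        m = re.search(r"/api/v1/([^/?]+)", path)
        counts[m.group(1).lower() if m else path] += 1
    return dict(counts)

# Constructed sample lines in the formats shown in the thread.
SAMPLE = [
    "[2017-01-24 20:38:15] Espo.ERROR: Display Error: , Code: 403 URL: /crm/api/v1/Case [] []",
    "[2019-11-06 23:10:00] Espo.DEBUG: API (200) GET /api/v1/lead/5dc13233eca9c4930; Route pattern: /:controller/:id [] []",
    "[2019-11-07 01:00:03] Espo.DEBUG: API (403) GET /api/v1/lead/5dc13233eca9c4930; Route pattern: /:controller/:id [] []",
    "[2019-11-07 14:48:42] Espo.DEBUG: API (403) GET /api/v1/lead/5dc13233eca9c4930; Route pattern: /:controller/:id [] []",
]

if __name__ == "__main__":
    events = parse_denials(SAMPLE)
    print(first_denial_per_day(events))
    print(denials_by_entity(events))
```
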