vTiger webservice “ACCESS_DENIED : Permission to perform the operation is denied for id”

心已入冬 submitted on 2019-12-06 05:39:40
S.T.Prasad

I think you should be trying 11x46 for account id. Vtiger web services entity ids are different from tabids.

To get a correct list of all entity ids, execute this in your MySQL for the CRM:

    select id, name from vtiger_ws_entity;

The problem lies in the vtiger documentation. Add the entityName parameter to the GET request.

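    var q = "select * from Users;";
    // URL-encode the query so spaces and other special characters survive the GET request
    var url = "http://vtigercrm/webservice.php?operation=query&sessionName=ABC&entityName=XYZ&query=" + encodeURIComponent(q);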

This worked well for me, although I still couldn't understand why the program works when given any entityName, even a garbage string! Please comment if you know more about this.

This is a method that might help you generate the query q:

    "http://vtigercrm/webservice.php?operation=query&sessionName=ABC&query="+q

For example, you expect:

    SELECT * FROM INVOICE WHERE id='72xxx';

You can do:

    $this->buildQuery('INVOICE', ['id' => '72xx']);

This is the function:

    protected function buildQuery(
        string $moduleName,
        array $filterData = [],
        string $attributes = '*',
        int $start = 0,
        ?int $limit = null
    ): string {
        $query = 'SELECT ' . $attributes . ' FROM ' . $moduleName;

        // Numeric values are matched exactly, everything else with a LIKE pattern.
        // Keys and values are concatenated as-is, without validation or escaping.
        $conditions = [];
        foreach ($filterData as $key => $value) {
            $whereOperator = is_numeric($value) ? ' = ' : ' like ';
            $value = is_numeric($value) ? $value : '%' . $value . '%';
            $conditions[] = $key . $whereOperator . '\'' . $value . '\'';
        }
        if (!empty($conditions)) {
            // Conditions are joined with AND; WHERE appears only once.
            $query .= ' WHERE ' . implode(' AND ', $conditions);
        }

        // Paging: "LIMIT start,limit" when an offset is given, otherwise "LIMIT limit".
        if (!is_null($limit) && (0 < $start)) {
            $query .= ' ORDER BY id LIMIT ' . $start . ',' . $limit;
        }
        if (!is_null($limit) && (0 >= $start)) {
            $query .= ' ORDER BY id LIMIT ' . $limit;
        }

        return $query . ';';
    }

I didn't take XSS injection into consideration because my expected query q will be written in the URL.
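
A stricter variant of the builder above, as an added example that is not part of the original answers or of vtiger's own code: it allowlists module and field names, refuses filter values that could break out of the quoted literal, and URL-encodes the finished query. The names buildSafeVtigerQuery, the Invoice/subject sample and the rejected-character set are assumptions; the page does not describe the query language's escaping rules, so values are rejected rather than escaped.

```php
<?php
declare(strict_types=1);

// Added example; buildSafeVtigerQuery is a hypothetical name, not a vtiger API.
function buildSafeVtigerQuery(
    string $moduleName,
    array $filterData = [],
    array $attributes = [],
    int $start = 0,
    ?int $limit = null
): string {
    // Module and field names cannot be quoted, so only plain identifiers pass.
    foreach (array_merge([$moduleName], $attributes, array_keys($filterData)) as $name) {
        if (!is_string($name) || preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name) !== 1) {
            throw new InvalidArgumentException('Invalid identifier: ' . var_export($name, true));
        }
    }
    if ($start < 0 || ($limit !== null && $limit < 1)) {
        throw new InvalidArgumentException('Invalid paging values');
    }
    // Assumption: quotes, backslash, semicolon, the % wildcard and control
    // characters are refused instead of escaped.
    $unsafe = '/[\'"\\\\;%\x00-\x1f]/';
    $conditions = [];
    foreach ($filterData as $field => $value) {
        if ((!is_string($value) && !is_numeric($value)) || preg_match($unsafe, (string) $value) === 1) {
            throw new InvalidArgumentException("Unsafe value for $field");
        }
        // Same matching rule as the builder above: exact for numbers, LIKE otherwise.
        $conditions[] = is_numeric($value) ? "$field = '$value'" : "$field like '%$value%'";
    }
    $query = 'SELECT ' . ($attributes ? implode(', ', $attributes) : '*') . ' FROM ' . $moduleName;
    if ($conditions) {
        $query .= ' WHERE ' . implode(' AND ', $conditions);
    }
    if ($limit !== null) {
        $query .= ' ORDER BY id LIMIT ' . ($start > 0 ? "$start,$limit" : (string) $limit);
    }
    return $query . ';';
}

// Constructed sample values (host and session name as on this page; the
// module, fields and filter value are made up for the demonstration).
$q = buildSafeVtigerQuery('Invoice', ['subject' => 'Renewal'], ['id', 'subject'], 0, 10);
$url = 'http://vtigercrm/webservice.php?' . http_build_query([
    'operation' => 'query', 'sessionName' => 'ABC', 'query' => $q,
], '', '&', PHP_QUERY_RFC3986);
echo $url, PHP_EOL;
```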
