API commands with different users

Hi
I have a problem with execution of API commands with different token_auths.

I’m writing a simple admin panel for users that are not superusers.

To add a site I run:

  1. addSite with superuser’s token_auth
  2. setUserAccess to view added site for the user with superuser’s token_auth
  3. getSitesWithViewAccess with user’s token_auth

The problem is that after the first execution of a command with the superuser’s token_auth, the system keeps the superuser as the current user - Piwik::getCurrentUserTokenAuth() returns the superuser’s token_auth. After the second execution of a command with the user’s token_auth, Piwik::getCurrentUserTokenAuth() correctly returns the user’s token_auth, but Piwik::isUserIsSuperUser() returns TRUE!!! What the hell?? Is this a bug? Can you help?

Can you please post the code you use, so I can try and reproduce the issue? Thanks!

The function is executed by the logged-in user with View rights only.


function addSiteAndGetList($siteName, $redir_url, $user_token_auth, $admin_token_auth, $userLogin) {

  echo Piwik::getCurrentUserTokenAuth();  // returns user_token_auth
  echo Piwik::isUserIsSuperUser();        // returns false

  $request = new Piwik_API_Request('
        method=SitesManager.addSite
        &siteName='.$siteName.'
        &urls='.$redir_url.'
        &format=XML
        &token_auth='.$admin_token_auth
  );
  $result = $request->process();
  $result_xml = simplexml_load_string($result);
  if ( (string)$result_xml->error['message'] != '')
    return 'Error addSite: '.$result_xml->error['message'];
  else {
    $idSite = (string)$result_xml;  // new site id, needed by setUserAccess below
    echo 'idSite: '.$idSite;
  }
    
  echo Piwik::getCurrentUserTokenAuth();  // returns admin_token_auth
  echo Piwik::isUserIsSuperUser();        // returns true
    
  $request = new Piwik_API_Request('
        method=UsersManager.setUserAccess
        &userLogin='.$userLogin.'
        &access=view
        &idSites='.$idSite.'
        &format=XML
        &token_auth='.$admin_token_auth
  );
  $result = $request->process();
  $result_xml = simplexml_load_string($result);
  if ( (string)$result_xml->error['message'] != '')
    return 'Error setUserAccess: '.$result_xml->error['message'];
  else
    echo $result_xml->result->success['message'];

  echo Piwik::getCurrentUserTokenAuth();  // returns admin_token_auth
  echo Piwik::isUserIsSuperUser();        // returns true


  $request = new Piwik_API_Request('
        method=SitesManager.getSitesWithViewAccess
        &format=XML
        &token_auth='.$user_token_auth
  );
  $result = $request->process();
  $result_xml = simplexml_load_string($result);
  if ( (string)$result_xml->error['message'] != '')
    return 'Error getSitesWithAtLeastViewAccess: '.$result_xml->error['message'];

  echo Piwik::getCurrentUserTokenAuth();  // returns user_token_auth
  echo Piwik::isUserIsSuperUser();        // returns true !!!!!


  return $result_xml;

}

So, any idea?

Thanks for the code!

Can you please try the following patch: http://dev.piwik.org/trac/changeset/5528

Does it work after applying it?

Unfortunately it doesn’t work. Any other idea will be very helpful.