The Wayback Machine - https://web.archive.org/web/20201029120143/https://github.com/directus/api/issues/1983

401 error when inserting into a M2M field via API #1983

Open
timfee opened this issue Sep 5, 2020 · 1 comment

@timfee timfee commented Sep 5, 2020

Details

Version: 8.8.1
Installed via DigitalOcean droplet, stock configuration

Database details

The tables in question are

tweet

    CREATE TABLE `tweet` (
      `id` bigint(11) unsigned NOT NULL AUTO_INCREMENT,
      `author` varchar(40) DEFAULT NULL,
      `tweet` text,
      `body` text,
      PRIMARY KEY (`id`)
    ) ENGINE=InnoDB

category

    CREATE TABLE `category` (
      `id` varchar(40) NOT NULL,
      `name` varchar(40) DEFAULT NULL,
      `color` varchar(20) DEFAULT NULL,
      PRIMARY KEY (`id`),
      UNIQUE KEY `id` (`id`)
    ) ENGINE=InnoDB

and a M2M association table that Directus created:

    CREATE TABLE `tweet_category` (
      `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
      `tweet_id` bigint(11) unsigned NOT NULL,
      `category_id` varchar(40) NOT NULL,
      PRIMARY KEY (`id`)
    ) ENGINE=InnoDB

Problem

When I try to create a new record by hitting /project-id/items/tweet, I get

    {
        "error": {
            "code": 3,
            "message": "Unauthorized request",
            "class": "Directus\\Exception\\UnauthorizedException",
            "file": "/var/directus/src/core/Directus/Permissions/Acl.php",
            "line": 991
        }
    }

(using values id=123&author=timfee&tweet=hi)

This is despite having full public read/write access and using the superuser token.

However...

When I delete the category field from tweet, I am able to create a new record successfully.

Is there something I'm doing wrong?

PS, this issue aside, this has been such a breeze to set up and a welcome change from fighting with Keystone and similar :) Thanks for whatever help!

@timfee timfee commented Sep 6, 2020

So, I figured this out; I set directus_users.token for my API user, and used that:

    const client = new DirectusSDK({
      url: process.env.API_URL,
      project: process.env.API_PROJECT,
      mode: 'jwt', /* may not matter? */
      token: process.env.API_TOKEN,
    })

This allowed the new item to be created.

Perhaps the culprit is that granting Public permission to create records where a M2M relation is present fails with an ACL-related issue.

If WAI or WONTFIX, a better message could be helpful, e.g. "Public cannot create a new record with relation" -- otherwise, the culprit may be something along the lines of Public's ability to create records? :)
