• State Suggested Answer
  • Locked Locked
  • Replies 27 replies
  • Answers 3 answers
  • Subscribers 95 subscribers
  • Views 15602 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

unable to create PersonWantsOrg via RESTApi

Kevin.Gorton
over 6 years ago 
We try a Post request to the PersonWantsOrg table with the following example body:
{
    "values": {
        "UID_Org": " 5c490797-b3ae-47c5-b2da-f1bc0e9ab675",
        "UID_PersonInserted":"8e93db71-7dc8-4f7f-bb2e-66c1951e85a3",
        "UID_PersonOrdered": "8e93db71-7dc8-4f7f-bb2e-66c1951e85a3",
        "OrderReason":"Test request via api"
    }
}

but receive the following error:
{
    "responseStatus":{
        "message":"This employee Fellers Joshua (JOSHUA.FELLERS) is not authorized to make requests at this point."},
        "errorString":"This employee Fellers Joshua (JOSHUA.FELLERS) is not authorized to make requests at this point.",
        "exceptions":[{"number":2133173,"message":"This employee Fellers Joshua (JOSHUA.FELLERS) is not authorized to make requests at this point."}]
    }
}

We verified the same request can be made by the user in ITShop.  and the person logged into the API has a System user of viAdmin assigned to it.   

  • 0 over 5 years ago in reply to Markus Weiss-Ehlers

    The PersonWantsOrg table's UID_Org is a foreign key of Org not ItshopOrg, I don't follow? I tried using a UID from ITShopOrg just to try it, but then I get a "an error occured". 

  • 0 over 5 years ago in reply to joshua fellers

    I think you need to reconsider. PersonWantsOrg.UID_Org points to the table ITShopOrg not to the table Org, it never did.

  • 0 over 5 years ago in reply to Markus Weiss-Ehlers

    Well that is a mean trick. OK then, any idea what this error might refer too then if I use a ITShopOrg UID:

    {"responseStatus":{"message":"An error occured."},"errorString":"An error occured.","exceptions":[{"number":2072000,"message":"An error occured."}]}

  • 0 over 5 years ago in reply to joshua fellers

    I checked back to version 4 and the property was called UID_Org pointing to ITShopOrg even then so no mean trick.

    In regards to your error message, the Application Server suppresses detailed error messages as one countermeasure against error based SQL injection. Means, you need to check the log of the Application Server for a detailed error.

    Or, you configure the web.config of the Application Server to send detailed error messages. Please note, that this should never be enabled in a production system!

  • 0 over 5 years ago in reply to Markus Weiss-Ehlers

    at QBM.AppServer.Api.SingleService.<Post>d__1.MoveNext()
    2018-08-06 15:57:08.2876 ERROR (ObjectLog ) : [810306] Error during execution of 'OnSaved' in logic module 'QER.Customizer.PersonWantsOrg'.
    [810023] Error during execution of statement: insert into PersonWantsOrg (DisplayOrg, DisplayOrgParent, DisplayOrgParentOfParent, DisplayPersonInserted, DisplayPersonOrdered, GenProcID, ObjectKeyOrdered, OrderDate, OrderReason, OrderState, UID_ITShopOrgFinal, UID_Org, UID_OrgParent, UID_OrgParentOfParent, UID_PersonInserted, UID_PersonOrdered, UID_PersonWantsOrg, xdateinserted, xuserinserted, xdateupdated, xuserupdated, xobjectkey) values (N'Storage SuperUser', N'DCGS Users', N'Identity & Access Lifecycle', N'Fellers Joshua', N'Fellers Joshua', '166edaf2-10c5-4b39-a70c-a5e560963812', '<Key><T>QERAssign</T><P>5b10daeb-a80c-44dd-9243-0be8357e1e7b</P></Key>', '2018-08-06 19:57:07.475', N'Test request via api', N'OrderProduct', '1F911648-FE69-4BEE-AE17-E8F25E5B7D1B', '1F911648-FE69-4BEE-AE17-E8F25E5B7D1B', '939a4adc-46ba-4559-a98b-a84fd085fa2f', 'QER-ITSHOPORG-DELEGATION-SH', 'beab7678-6fbd-4db1-ac5e-2cce6c6bd256', 'beab7678-6fbd-4db1-ac5e-2cce6c6bd256', 'b2996865-a41c-41ce-a3cd-6729075e64e9', GetUTCDate(), N'D1IM\joshua.fellers.adm', GetUTCDate(), N'D1IM\joshua.fellers.adm', '<Key><T>PersonWantsOrg</T><P>b2996865-a41c-41ce-a3cd-6729075e64e9</P></Key>')
    [810143] Database error 50000: re-throw in Procedure QER_PITShopPersonHasObjectFill, Line 55
    [810143] Database error 50000: detected in (SRV=SQL\IDAM01, DB=D1IM) Procedure QER_PITShopPersonHasObjectFill, Line 18
    [810143] Database error 50000: ObjectkeyAssignment has an invalid number of PK definitions.
    VI.Base.ViException: Error during execution of 'OnSaved' in logic module 'QER.Customizer.PersonWantsOrg'. ---> VI.Base.ViException: Error during execution of statement: insert into PersonWantsOrg (DisplayOrg, DisplayOrgParent, DisplayOrgParentOfParent, DisplayPersonInserted, DisplayPersonOrdered, GenProcID, ObjectKeyOrdered, OrderDate, OrderReason, OrderState, UID_ITShopOrgFinal, UID_Org, UID_OrgParent, UID_OrgParentOfParent, UID_PersonInserted, UID_PersonOrdered, UID_PersonWantsOrg, xdateinserted, xuserinserted, xdateupdated, xuserupdated, xobjectkey) values (N'Storage SuperUser', N'DCGS Users', N'Identity & Access Lifecycle', N'Fellers Joshua', N'Fellers Joshua', '166edaf2-10c5-4b39-a70c-a5e560963812', '<Key><T>QERAssign</T><P>5b10daeb-a80c-44dd-9243-0be8357e1e7b</P></Key>', '2018-08-06 19:57:07.475', N'Test request via api', N'OrderProduct', '1F911648-FE69-4BEE-AE17-E8F25E5B7D1B', '1F911648-FE69-4BEE-AE17-E8F25E5B7D1B', '939a4adc-46ba-4559-a98b-a84fd085fa2f', 'QER-ITSHOPORG-DELEGATION-SH', 'beab7678-6fbd-4db1-ac5e-2cce6c6bd256', 'beab7678-6fbd-4db1-ac5e-2cce6c6bd256', 'b2996865-a41c-41ce-a3cd-6729075e64e9', GetUTCDate(), N'D1IM\joshua.fellers.adm', GetUTCDate(), N'D1IM\joshua.fellers.adm', '<Key><T>PersonWantsOrg</T><P>b2996865-a41c-41ce-a3cd-6729075e64e9</P></Key>') ---> VI.DB.DatabaseException: Database error 50000: re-throw in Procedure QER_PITShopPersonHasObjectFill, Line 55 ---> VI.DB.DatabaseException: Database error 50000: detected in (SRV=SQL\IDAM01, DB=D1IM) Procedure QER_PITShopPersonHasObjectFill, Line 18 ---> VI.DB.DatabaseException: Database error 50000: ObjectkeyAssignment has an invalid number of PK definitions.
    --- End of inner exception stack trace ---

  • 0 over 5 years ago in reply to joshua fellers

    You are requesting an assignment resource but do not fill the property ObjectkeyAssignment of the PersonWantsOrg entry. If this request should become a business role membership, you need to fill the ObjectkeyAssignment with the XObjectKey of the PersonInOrg entry that is requested.

    I suggest you take a look at the template of ShoppingCartItem.ObjectKeyAssignment that creates such a XObjectKey if you request the role membership via the ShoppingCart instead of entering all the data directly into PersonWantsOrg. This is what the Web Portal does.

  • 0 over 5 years ago in reply to Markus Weiss-Ehlers

    Thanks. Problem solved. I appreciate all your help!