@TCahn opened this Issue on March 22nd 2018

Hi,
Overlay API calls didn’t work with View or Admin rights (only with “Super-User Rights”):

Scenario:

  1. Piwik-Account with view-rights (or admin-rights).
  2. Overlay.getFollowingPages API call in a browser without a Matomo login AND anonymous = No Access Rights <== Important!!! Example:
    https://demo.matomo.org/index.php?module=API&method=Overlay.getFollowingPages&url=https://forum.matomo.org/&idSite=7&period=year&date=yesterday&format=xml&token_auth=<USER-ACCOUNT-TOKEN-WITH-VIEW-RIGHT>
  3. Error: You can’t access this resource as it requires ‘view’ access for the website id = 7

=> Other API methods with this "View-token" are working. For example: Actions.getPageUrl

More Information:

  • Overlay is working in the web interface (with this view-user-account).
  • The Overlay.getFollowingPages call is working with "&token_auth=anonymous" after adding View-Rights to the user "anonymous".
  • The Overlay.getFollowingPages call is working after adding "Super User Rights" to the account with the used token.

Could you please fix this bug?
Thank you! :-)
Thomas

This Issue was closed on April 2nd 2018