I have embeded the Live Plugin as a widget (iframe) into an external website.
Since I have updated to the 1.4 version of Piwik, whenever a user enter on the page where the widget is embeded, he is redirected to the Piwik login screen with en error message "you cannot access this resource, a 'view' permission on site XX is required".
It seems that the problem comes from the controller of the Live plugin which makes calls to Piwik_API and Piwik_Live_API without having authenticated the user.
Here is a patch that ensures that the authentication token is used to authenticate user before starting to use the API.
Keywords: live widget
Attachment:
live_plugin_token_auth_for_api_calls.patch
Does it still work when the token auth is not passed, ie. in the normal dashboard?
Yes, it does work.
If you are logged in Piwik and go to the page with the embedded widget, it works as well.
It seems that the problem comes from some functions in the Piwik_Live_API that check whether the user has view access to the site before doing anything.
OK Thanks for the patch, we'll try and commit it for the next release
(In [4827]) Fixes #2416 - Kuddos jpasquier for the patch