@jonpasquier opened this Issue on May 9th 2011

I have embeded the Live Plugin as a widget (iframe) into an external website.
Since I have updated to the 1.4 version of Piwik, whenever a user enter on the page where the widget is embeded, he is redirected to the Piwik login screen with en error message "you cannot access this resource, a 'view' permission on site XX is required".

It seems that the problem comes from the controller of the Live plugin which makes calls to Piwik_API and Piwik_Live_API without having authenticated the user.

Here is a patch that ensures that the authentication token is used to authenticate user before starting to use the API.
Keywords: live widget

@jonpasquier commented on May 9th 2011
@mattab commented on May 10th 2011 Member

Does it still work when the token auth is not passed, ie. in the normal dashboard?

@jonpasquier commented on May 10th 2011

Yes, it does work.
If you are logged in Piwik and go to the page with the embedded widget, it works as well.

It seems that the problem comes from some functions in the Piwik_Live_API that check whether the user has view access to the site before doing anything.

@mattab commented on May 10th 2011 Member

OK Thanks for the patch, we'll try and commit it for the next release

@mattab commented on May 29th 2011 Member

(In [4827]) Fixes #2416 - Kuddos jpasquier for the patch

This Issue was closed on May 29th 2011
Powered by GitHub Issue Mirror