Basic error | podio-php

Follow

Vincent Poirier

• November 25, 2014 16:21

We're getting a basic error that lacks logic to us.

We authenticated with the App 8984133 to be able to delete the item 219856764. That item is indeed in the App 8984133 as suggests the API Sandbox tests and our eyes.

Does the App authentication itself have the right to delete items?

$app_id = '8984133';
$app_secret = 'SECRET';
Podio::authenticate('app', array('app_id' => $app_id, 'app_token' => $app_secret));
PodioItem::delete($_POST['item_id']);

[25-Nov-2014 11:13:34 America/Montreal] PHP Fatal error: Uncaught PodioForbiddenError: "The app with id 8984133 does not have the right delete on item with id 219856764"
Request URL: http://api.podio.com/item/219856764

Any idea?
If more details are required, let us know!
Thank you for any feedback.

0

• 

  Andreas Haugstrup Pedersen

  • November 25, 2014 23:17

  App auth counts as a light user on the app and works under the same restrictions as light users. If I recall correctly that means app auth can only delete items created by app auth. Maybe if the "Don't let members edit items in this app" setting is disabled they can delete more but I don't remember.

  You can always check rights by getting the item and looking at the rights property. Or you can use the can method. E.g.

  $item = PodioItem::get(123);
  if ($item->can('delete')) {
    print "I can delete this";
  }
  

  0

  Comment actions Permalink
• 

  Vincent Poirier

  • November 26, 2014 13:41

  I am not the "Organization Admin", I can't seem to be able to validate that setting.
  The only workaround I see is authenticating through a user, and that's not too clean in my opinion.

  0

  Comment actions Permalink

Please sign in to leave a comment.