I am trying to create a new custom field using the /custom_fields API, but I'm seeing strange behavior in authentication: The POST fails even though similar POST to other resources (like /issues) with the same creds.
My code is producing a post that seems valid (and GET works fine):
method='POST'
url='http://localhost/custom_fields.json'
headers={'User-Agent': 'netbot/0.0.1', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'Content-Type': 'application/json', 'X-Redmine-API-Key': 'VALID_ADMIN_KEY', 'Content-Length': '130'}
body='{"custom_field": {"name": "cf_yoyo", "customized_type": "issue", "field_format": "string", "is_filter": true, "searchable": true}}', 'hooks': {'response': []}, '_body_position': None}
The response give me a 403 Forbidden, and the request logs are:
I, [2024-02-25T19:03:00.809842 #881] INFO -- : [REQID] Started POST "/custom_fields.json" for 192.168.65.1 at 2024-02-25 19:03:00 +0000
I, [2024-02-25T19:03:00.810727 #881] INFO -- : [REQID] Processing by CustomFieldsController#create as JSON
I, [2024-02-25T19:03:00.810804 #881] INFO -- : [REQID] Parameters: {"custom_field"=>{"name"=>"cf_yoyo", "customized_type"=>"issue", "field_format"=>"string", "is_filter"=>true, "searchable"=>true}}
I, [2024-02-25T19:03:00.812697 #881] INFO -- : [REQID] Current user: anonymous
I, [2024-02-25T19:03:00.813474 #881] INFO -- : [REQID] Filter chain halted as :require_admin rendered or redirected
I, [2024-02-25T19:03:00.813613 #881] INFO -- : [REQID] Completed 403 Forbidden in 3ms (ActiveRecord: 0.4ms | Allocations: 642)
The "Current user" is confusing to me, because a POST to /issues with the same headers results in:
I, [2024-02-25T19:24:43.205444 #881] INFO -- : [REQIQ] Started POST "/issues.json" for 192.168.65.1 at 2024-02-25 19:24:43 +0000
I, [2024-02-25T19:24:43.206233 #881] INFO -- : [REQIQ] Processing by IssuesController#create as JSON
I, [2024-02-25T19:24:43.206302 #881] INFO -- : [REQIQ] Parameters: {"issue"=>{"project_id"=>1, "subject"=>"subject", "description"=>"body"}}
I, [2024-02-25T19:24:43.209704 #881] INFO -- : [REQIQ] User switched by: admin (id=815)
I, [2024-02-25T19:24:43.209808 #881] INFO -- : [REQIQ] Current user: admin (id=815)
I, [2024-02-25T19:24:43.262403 #881] INFO -- : [REQIQ] Rendered issues/show.api.rsb (Duration: 1.0ms | Allocations: 480)
I, [2024-02-25T19:24:43.262647 #881] INFO -- : [REQIQ] Completed 201 Created in 56ms (Views: 1.5ms | ActiveRecord: 6.6ms | Allocations: 16307)
Note the user ID 815 is an admin user created specifically for API access and as admin privileges. Same API token for both requests, and this log is from a specific test that involved checking if forced impersonation made any difference. It didn't, and I have not been able to find a way to create custom fields via API.
GET /custom_fields.json operates as expected.
Problems creating a custom field using POST to /custom_fields.json
RE: Problems creating a custom field using POST to /custom_fields.json
-
Added by Holger Just 2 months ago