Permission denied while modifying row by button in universal app

Your Setup:

• SeaTable Enterprise Edition
• SeaTable V5.1.9

Describe the Problem/Error/Question:

Hi everyone, I’m sure (or at least I hope ) I’m just missing something, but I just can’t figure it out . Here’s my problem: I have a table with a button row launching a script. I use a Universal App/Single record page to access the data.

• I shared the base with another user (read-write permission)
• I added the user in the Universal App (Default role) and defined in my page that Default role and admin can both modify the records.

From within the base, no problem, everything works fine: when the user click on the button, this actually fires the script.
From within the app, I got an error 403 : Permission denied from the web console and the following error from my dtable_web.log: django.request[241] - Forbidden: /api/v2.1/universal-apps/MY_APP_UUID/modify-row-via-button/
Do I have to configure this “modify-row-by-button” permission somewhere ?

Thanks for your help !

Bests,
Benjamin

I conducted a test using a script of “number + 1”, and it ran normally.

Has the user write and read access to the app?

Hi both of you,
@Leo.Shi, this is weird . A few things I forgot to mention or perhaps didn’t explain properly:

• My SeaTable version is Self-Hosted
• Everything works fine when I (the admin) use the app. The problem occurs when the other user try to modify a row by clicking a button from the App (I saw in your screenshot that the user icon is the same than the one you use on the forum, so I thought maybe you logged in directly as admin, not as another user)

@Soonimproveduser as I said, I added the user in the User and role management page from the App with the “Default role” role, and specify in my Single record page settings that both Admin and Default role can modify records. I also shared the base with this user with read-write permissions (on the base web view), not sure if this is necessary… Is this what you meant by the user having write and read access to the app or did I miss something ?

Bests,
Benjamin

“I tested using a non-administrator account and did not encounter this issue again.”

Thanks for testing. Too bad, I thought this could have ben the source of the problem

Re-reading this thread again, I explicitly added the following users settings block in my dtable_web_settings.py because I thought the definition of the default role permissions could be a problem, but it didn’t change anything.

ENABLED_ROLE_PERMISSIONS = {
    'default': {
        'can_add_dtable': True,
        'can_add_group': True,
        'can_generate_external_link': True,
        'can_create_common_dataset': True,
        'can_run_python_script': True,
        'can_use_advanced_permissions': True,
        'can_use_advanced_customization': True,
        'can_use_external_app': True,
        'can_use_automation_rules': True,
        'can_archive_rows': True,
        'role_asset_quota': '',
        'row_limit': -1,
        'big_data_row_limit': -1,
        'big_data_storage_quota': '',
        'scripts_running_limit': -1,
        'snapshot_days': 180,
        'share_limit': 100
    },
    'guest': {
        'can_add_dtable': False,
        'can_add_group': False,
        'can_generate_external_link': False,
        'can_create_common_dataset': False,
        'can_run_python_script': False,
        'can_use_advanced_permissions': False,
        'can_use_advanced_customization': False,
        'can_use_external_app': False,
        'can_use_automation_rules': False,
        'can_archive_rows': False,
        'role_asset_quota': '',
        'row_limit': -1,
        'snapshot_days': 30,
        'share_limit': 100
    },
}

If you can advise me in which direction to look to solve the problem, I’d greatly appreciate it.

Bests,
Benjamin