on 2023 Sep 14 9:13 PM
Does the endpoint GET /api/v1/quotes/{quoteId} get data only for active revision for other quote owners?
The test showed that endpoint GET /api/v1/quotes/{quoteId} gets data for
However, CPQ returns 403 forbidden with the message "Logged user doesn't have permission to view this quote" when we get data from non-active revision for Other Quotes.
Issue fixed on CPQ February release 2402.
shawn.yong
Seems like you don't have permission for the API user with which you're trying to make a call. Check if Admin or Non-Admin.
Only Admin can pull the data from API and also the permissions been given to a User.
yoganandamuthaiah
Thank you for your feedback.
I am using an Admin user who can view all quotes on CPQ.
I have found a similar use case. When the Admin user navigates on CPQ, he can view or edit a non-active revision for other quote owners.
But using this URL https://{cpqEnvironmentUrl}/cart/edit?quoteId={quoteId}, CPQ shows the same error as in the API call.
### To get Bearer Token
```http
POST {{cpq_new_url}}/basic/api/token
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

grant_type=password&username={{userid}}&password={{pass}}
```

### To Get Quote details
```http
GET {{cpq_new_url}}/api/v1/quotes/4154
Authorization: Bearer {{accessToken}}
Content-Type: application/json
```
shawn.yong
I tried {{cpq_new_url}}/api/v1/quotes/4154 with a bearer token and the results are as follows:
Use Case 1: Pull data from a quote using the Quote ID for an Active revision where the API user is the owner of the Quote. Success.
Use Case 2: Pull data from a quote using the Quote ID of the Non-Active revision where the API user is the owner of the Quote. Success.
Use Case 3: Pull data from a quote using the Quote ID of the Active Revision where the API user is not the owner of the Quote. Success.
Use Case 4: Pull data from a quote using the Quote ID of the Non-Active Revision where the API user is not the owner of the Quote. Fail. Error message: "Logged user doesn't have permission to view this quote"
As per use case 4, if the API user lacked permission to view another user's quote, then use case 3 should have failed as well.