You don't have the permission to access the requested resource in Python Eve

Question

When hitting the REST endpoint with DELETE (http://localhost:5000/tax/559c0180b9f1f1072f240065), I receive an error. The error was as follows. Tax is the collection I'm attempting to delete and the following value in the URL is the id of the document I'd like deleted. Status 403 FORBIDDEN Show explanation Loading time: 7 Request headers Accept: application/json Origin: chrome-extension://hgmloofddffdnphfgcellkdfbfbjeloo CSP: active User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.130 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate, sdch Accept-Language: en-US,en;q=0.8 Response headers Content-Type: application/json Content-Length: 180 Server: Eve/0.6-dev0 Werkzeug/0.10.4 Python/2.7.6 Date: Tue, 07 Jul 2015 16:46:40 GMT

{ _status: "ERR" _error: { message: "You don't have the permission to access the requested resource. It is either read-protected or not readable by the server." code: 403 }- } The payload I used was {"KONG": "Donkey"}

What can I do to resolve this issue?

The code I used is at the following links

https://gist.github.com/anonymous/fda6080f3e7910d4be84 https://gist.github.com/anonymous/3bab73901f901087177b

Answer 1

You also need to provide a If-Match header (along with the document ETag) with your request. See Data Integrity and Concurrency Control. By default Etags are required for all edit operations, but you can opt-out by simply setting IF-MATCH to False:

If your use case requires, you can opt to completely disable concurrency control. ETag match checks can be disabled by setting the IF_MATCH configuration variable to False (see Global Configuration). When concurrency control is disabled no etag is provided with responses. You should be careful about disabling this feature, as you would effectively open your API to the risk of older versions replacing your documents.