Calling a function exposed by HTTP route results in a 403 error

Hi,

I want to expose groovy methods to the javascript part of the plugin using HTTP routes.
when calling the exposed method from javascript with the following code I get a 403 error:

(function () {
    $(document).on('shown.bs.tab', '[href="#morpheus-tab-plugin-lb"]', function (e) {
        console.log("TEST");
        $.ajax({
            type: "GET",
            url: "${createLink(controller: 'reverseTextController', action: '/reverseTask/json')}"
          }).done(function(data) {
              console.log("DONE")
          });
    });
}());

Any idea?

Thanks,
Nico

groovy code is not interpreted in JavaScript, you are going to need to use the path you specified in your plugin in directly in the JavaScript rather than expecting it to be interpreted.

if you have

List<Route> getRoutes() {
[
Route.build('reverseText/json', 'myFuncThatReturnsJSON', Permission.build("admin", "full"))
]
}

so instead of:

url: "${createLink(controller: 'reverseTextController', action: 'myFuncThatReturnsJSON')}"

you should just do

url: "/reverseText/json"

Thanks, still gives me a HTTP 403 but now with a json output: “{
“error”: “access denied”
}”

do you have the required permissions you set in the route? (admin, full)

yes,

/**
* Defines two Routes with the builder method
* @return
*/
List getRoutes() {
[
Route.build("/reverseTask/example", “example”, Permission.build(“admin”, “full”)),
Route.build("/reverseTask/json", “json”, Permission.build(“admin”, “full”))
]
}

ok the docs arent clear here you have to append /plugin/ to the route so in your case you will do

/plugin/reverseTask/example

That gets me further to this error:
[http-nio-127.0.0.1-8080-exec-4] MissingMethodException occurred when processing request: [GET] /plugin/reverseTask/json No signature of method: com.morpheusdata.core.PluginManager.handleRoute() is applicable for argument types: (org.codehaus.groovy.runtime.GStringImpl, com.morpheusdata.views.ViewModel...) values: [/reverseTask/json, com.morpheusdata.views.ViewModel@459e7a6c, ...] Possible solutions: handleRoute(java.lang.String, com.morpheusdata.views.ViewModel, java.util.List). Stacktrace follows: groovy.lang.MissingMethodException: No signature of method: com.morpheusdata.core.PluginManager.handleRoute() is applicable for argument types: (org.codehaus.groovy.runtime.GStringImpl, com.morpheusdata.views.ViewModel...) values: [/reverseTask/json, com.morpheusdata.views.ViewModel@459e7a6c, ...] Possible solutions: handleRoute(java.lang.String, com.morpheusdata.views.ViewModel, java.util.List) at com.morpheus.plugin.PluginManagerService.handleRoute(PluginManagerService.groovy:212) at com.morpheus.PluginManagerController.route(PluginManagerController.groovy:25) at com.morpheus.remote.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:20) [9 skipped] [36 skipped]

My Method to handle the route:

def json(ViewModel<Map> model){}

which version of the plugin api are you using, this is a bug that was fixed last February.

@Andy_Warner

I used com.morpheusdata:morpheus-plugin-api:0.12.0 previously.
Updated now to Version 0.13.1.
Similar error:

[http-nio-127.0.0.1-8080-exec-10] MissingMethodException occurred when processing request: [GET] /plugin/reverseTask/json No signature of method: com.morpheusdata.core.PluginManager.handleRoute() is applicable for argument types: (org.codehaus.groovy.runtime.GStringImpl, com.morpheusdata.views.ViewModel...) values: [/reverseTask/json, com.morpheusdata.views.ViewModel@1c628645, ...] Possible solutions: handleRoute(java.lang.String, com.morpheusdata.views.ViewModel, java.util.List). Stacktrace follows: groovy.lang.MissingMethodException: No signature of method: com.morpheusdata.core.PluginManager.handleRoute() is applicable for argument types: (org.codehaus.groovy.runtime.GStringImpl, com.morpheusdata.views.ViewModel...) values: [/reverseTask/json, com.morpheusdata.views.ViewModel@1c628645, ...] Possible solutions: handleRoute(java.lang.String, com.morpheusdata.views.ViewModel, java.util.List) at com.morpheus.plugin.PluginManagerService.handleRoute(PluginManagerService.groovy:212) at com.morpheus.PluginManagerController.route(PluginManagerController.groovy:25) at com.morpheus.remote.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:20) [9 skipped] [36 skipped]

Morpheus v5.5.0 will need to be used as this is the first version that uses morpheus-plugin-api v0.13.1 (the version where the bug was fixed)

with Morpheus v5.4.6 and plugin api version v.0.13.1 the recent error is gone but I am now back to the 403 error I started the thread with.
What am I missing?

You need to use Morpheus v5.5.0 if you are using plugin api version v0.13.1

Ok, is there a solution for the LTS branch? As I need to use LTS releases.

So, tried now with 5.5.0 release and plugin api version v0.13.1 and I get the same error.

Any idea?

Any chance you could share your plugin code and we can take a look?

I shared the code via teams with Chris Bunge last week.

I was able to take a look at your plugin code and run it locally. Give the following a try:

  1. In LBCustomTabPlugin.groovy you should define your own permissions… for example
@Override
public List<Permission> getPermissions() {
	Permission permission = new Permission('LB Custom Tab Plugin', 'lbCustomTabPlugin', [Permission.AccessType.full])
	return [permission];
}
  1. Change CustomTabController.groovy getRoutes() to:
List<Route> getRoutes() {
  [
    Route.build("/reverseTask/example", "example", Permission.build("lbCustomTabPlugin", "full")), 
    Route.build("/reverseTask/json", "json", Permission.build("lbCustomTabPlugin", "full"))
  ]
}

Notice the change on Permissions.build to use the new Permission defined as lbCustomTabPlugin

Before you were using Permissions.build("admin","full"). There is no admin permission in the system so it would never route.

Also, after you upload the plugin, make sure you logout and login again to make sure your user’s permissions are recalculated.

Still the same result unfortunately