sanity icon indicating copy to clipboard operation
sanity copied to clipboard

Published 20 hours ago verified publisher icon sanity-io

Insufficient Permissions for message input

Open Magowntown opened this issue 2 years ago • 6 comments

Describe the bug

Hi! I hope someone can help me with this issue. I apologize in advance for any missing information I may not provide due to my inexperience in coding.

I have set up a form that has a name, email, and message input what when filled out should send complete a schema to send to the sanity backend online. However whenever I click the submit button I encounter this error on my chrome console.

POST https://utsyx7w2.api.sanity.io/v2022-02-01/data/mutate/production?returnIds=true&returnDocuments=true&visibility=sync 403

ClientError {response: {…}, statusCode: 403, responseBody: '{\n "error": {\n "description": "the mutation(s)…\n }\n ],\n "type": "mutationError"\n }\n}', details: {…}, message: 'the mutation(s) failed: Insufficient permissions; permission "create" required', …} details: description: "the mutation(s) failed: Insufficient permissions; permission \"create\" required" items: [{…}] type: "mutationError" [[Prototype]]: Object response: {body: {…}, url: 'https://utsyx7w2.api.sanity.io/v2022-02-01/data/mu…turnIds=true&returnDocuments=true&visibility=sync', method: 'POST', headers: {…}, statusCode: 403, …} responseBody: "{\n \"error\": {\n \"description\": \"the mutation(s) failed: Insufficient permissions; permission \\\"create\\\" required\",\n \"items\": [\n {\n \"error\": {\n \"description\": \"Insufficient permissions; permission \\\"create\\\" required\",\n \"permission\": \"create\",\n \"type\": \"insufficientPermissionsError\"\n },\n \"index\": 0\n }\n ],\n \"type\": \"mutationError\"\n }\n}" statusCode: 403 message: "the mutation(s) failed: Insufficient permissions; permission \"create\" required" name: "ClientError" stack: "ClientError: the mutation(s) failed: Insufficient permissions; permission \"create\" required\n at onResponse (http://localhost:3000/static/js/bundle.js:4305:13)\n at applyMiddleware (http://localhost:3000/static/js/bundle.js:9677:23)\n at onResponse (http://localhost:3000/static/js/bundle.js:8908:22)\n at http://localhost:3000/static/js/bundle.js:8877:16\n at onLoad (http://localhost:3000/static/js/bundle.js:9519:5)\n at XMLHttpRequest.xhr.<computed> (http://localhost:3000/static/js/bundle.js:9382:5)" [[Prototype]]: BaseError

I have full admin privileges and believe I have the correct Token + ID for Sanity. Is there any idea as to what could be causing this?

To Reproduce

Steps to reproduce the behavior:

  1. Go to 'https://github.com/Magowntown/am_portfolio'
  2. Clone repo
  3. Run npm run start
  4. When in browser scroll to bottom and begin filling out form. When filled click submit and open developer console.

Expected behavior

The send button will change to Sending... but will not complete the send request and show the previous errors listed above.

Screenshots The Code:

image

Which versions of Sanity are you using?

Sanity v. 2.30.0

What operating system are you using?

Windows 10

Which versions of Node.js / npm are you running?

8.8.0

Additional context

Add any other context about the problem here.

Security issue?

None that I believe

Thank you in advance for any help you can provide!

Magowntown avatar May 11 '22 14:05 Magowntown

exactyle also i have the same bug

Aestheticsuraj234 avatar Jul 31 '22 10:07 Aestheticsuraj234

Hey! Please create a new Token with 'Editor' access.

deka1105 avatar Aug 28 '22 07:08 deka1105

Hey! Please create a new Token with 'Editor' access.

Created the Token with 'Editor' access still same bug

Mr-Nobody1 avatar Aug 28 '22 10:08 Mr-Nobody1

image

Mr-Nobody1 avatar Aug 28 '22 10:08 Mr-Nobody1

image

Mr-Nobody1 avatar Aug 28 '22 10:08 Mr-Nobody1

Hi someone find any solution? i think that the probleme is with your .env file i paste directly the token in client.js and its worked

jeanlouispasquier avatar Aug 31 '22 12:08 jeanlouispasquier

For me, the problem was my dotenv configuration was not finding my .env file, so my token was getting undefined. That's because I was calling a script from a root level (in a monorepo).

raulfdm avatar Sep 22 '22 13:09 raulfdm

Hi someone find any solution? i think that the probleme is with your .env file i paste directly the token in client.js and its worked

I have the same issue! Everything works fine when i directly use the token string. But I want to use it through .env file. Are there any solutions yet?

anhskrttt avatar Nov 26 '22 07:11 anhskrttt

Your API token has to be with [Editor] permission type.

Crawstein avatar Dec 22 '22 20:12 Crawstein

This is most likely happening because:

  1. The token you have don't have the correct permissions, and/or
  2. The token isn't properly loaded from the environment into your code.

You can confirm that the client have the token by logging it out in the console where you run your client.create/patch code:

console.log(client.config())

Look for the token property in the config object.

It can also be useful to know that you can set withCredentials: true in the client config to leverage a logged-in user's authentication client-side.

kmelve avatar Jan 12 '23 17:01 kmelve

Hi someone find any solution? i think that the probleme is with your .env file i paste directly the token in client.js and its worked

I have the same issue! Everything works fine when i directly use the token string. But I want to use it through .env file. Are there any solutions yet?

Hi, I have the same issue, could anybody find any solutions?

abroroo avatar Jan 22 '23 02:01 abroroo

@abroroo have you check this comment? https://github.com/sanity-io/sanity/issues/3284#issuecomment-1380734349

Try to console.log your .env values and see if they're being injected

raulfdm avatar Jan 22 '23 18:01 raulfdm

@abroroo have you check this comment? #3284 (comment)

Try to console.log your .env values and see if they're being injected

Yeah, the issue was that I was trying to access the token property in my component before it was fully loaded. Utils function to load the .env variables outside the component resolved the problem. Thank you!

abroroo avatar Jan 22 '23 18:01 abroroo

Your API token has to be with [Editor] permission type.

This worked for me. Thank you.

ReddyDivya avatar Apr 14 '23 14:04 ReddyDivya

  1. If you are using Next.js then your token's env variable must have "NEXT_PUBLIC_" as prefix. eg: "NEXT_PUBLIC_SANITY_USER_ADDER_TOKEN" Then use it anywhere as: process.env.NEXT_PUBLIC_SANITY_USER_ADDER_TOKEN

  2. Make sure your env file is in root directory.

  3. create token with "Editor" permission in your Manage project - API Section

  4. Add that token to your client.

parshwa26122002 avatar Jun 13 '23 04:06 parshwa26122002

Hey I got a solution If you guys are using vite then make sure in your .env file the name of variable starts with VITE for e.g -> VITE_REACT_SANITY_PROJECT_ID = jasdfhk3

or if you're using react you need to do like this REACT_SANITY_PROJECT_ID = sadag454

LynxSumit avatar Jul 05 '23 05:07 LynxSumit

Had the same bug and I have been able to fix it. First ensure that you're using the correct env naming convention and import for the server your using( either Create-React-APP=REACT_APP or Vite=VITE_APP or Create-Next-App=NEXT_APP etc.). Mind you, create-react-app & create-next-app env file are imported as process.env.REACT_APP || process.env.NEXT_APP respectively but Vite env files are imported as import.meta.env.VITE_APP. And finally check to see to see if your .env file is in the root directory, in other words, outside the /src directory otherwise .env variables won't be accessible for usage. Hope this helps you. Good luck. Happy coding!

evansosei0707 avatar Dec 21 '23 15:12 evansosei0707