Agile Support Forum

Is there anything special I need to do for webservices to work from an Agile setup? I would also like to have keys for only certain shops, is that possible?

The key I generate does not work.

I used this guide to get a quick overview.
http://doc.prestashop.com/display/PS16/ ... ack+office

PS
The key didn't work because PS does not generate the correct htaccess rewrite rules for my server.
https://www.prestashop.com/forums/topic ... nt-2726115

thanks for using our modules.
Not sure what you are trying to archive.
Our modules does not provide web service access. But it should not affect PrestaShop we service itself.

I'm trying to achieve access for sellers using the API to view completed orders for their account only with details like shipping address, item, and quantity.

I did notice the "Enable Multistore" option under General is not showing up with the Agile modules enabled but is with the Agile modules disabled. This option allows webservice API keys to be associated with stores.

Disabling the Agile Multiple Seller module adds the Multiple Store option which allows for the webservice per store. Once the Agile Multiple Seller module is disabled then it cannot be enabled again. It must be reinstalled.

The Agile Multiple Seller module is interfering with the Prestashop webservice for multiple store access. Do you know of a work around to get this Prestashop feature working with Agile module?

I found the code disabling it and changed it to enable this feature for testing.

overrride/classes/shop/Shop.php

Code: Select all

    public static function isFeatureActive()
   {
      $isFeatureActive = parent::isFeatureActive();
                        
                  if(!$isFeatureActive)
      {
         Db::getInstance()->Execute('UPDATE ' . _DB_PREFIX_ .  'configuration SET value=1 WHERE name=\'PS_MULTISHOP_FEATURE_ACTIVE\'');
      }
      
      $isFeatureActive = parent::isFeatureActive();
      
      return $isFeatureActive;
      

Don't change that code in the above post. It will mess up your site.

I created an API key and then manually changed the webservice_xxx databases to a different shop for testing.

In WebserviceRequest.php I found this code:

Code: Select all

    protected function shopHasRight($key)
    {
        $sql = 'SELECT 1
            FROM '._DB_PREFIX_.'webservice_account wsa LEFT JOIN '._DB_PREFIX_.'webservice_account_shop wsas ON (wsa.id_webservice_account = wsas.id_webservice_account)
            WHERE wsa.key = \''.pSQL($key).'\'';

        foreach (self::$shopIDs as $id_shop) {
            $OR[] = ' wsas.id_shop = '.(int)$id_shop.' ';
        }
        $sql .= ' AND ('.implode('OR', $OR).') ';
        if (!Db::getInstance()->getValue($sql)) {
            $this->setError(403, 'No permission for this key on this shop', 132);
            return false;
        }
        return true;
    }

So the shop id needs to be changed for what shop is being access which is here:

Code: Select all

    protected function shopExists($params)
    {
        if (count(self::$shopIDs)) {
            return true;
        }

        if (isset($params['id_shop'])) {
            if ($params['id_shop'] != 'all' && is_numeric($params['id_shop'])) {
                Shop::setContext(Shop::CONTEXT_SHOP, (int)$params['id_shop']);
                self::$shopIDs[] = (int)$params['id_shop'];
                return true;
            } elseif ($params['id_shop'] == 'all') {
                Shop::setContext(Shop::CONTEXT_ALL);
                self::$shopIDs = Shop::getShops(true, null, true);
                return true;
            }
        } else {
        die();
            self::$shopIDs[] = Context::getContext()->shop->id;
            return true;
        }
        $this->setError(404, 'This shop id does not exist', 999);
        return false;
    }

So changing

Code: Select all

self::$shopIDs = Shop::getShops(true, null, true);

to what shop is being accessed using the key seems to work. I manually set this to the shop number of the key by a mysql query should do the trick.

I still am getting all the shop data so this is where I'm stuck right now.

I looked at orders in the database and they are listed by the owner, not store. This function getFilteredObjectDetails probably needs to have the owner added to limit access only to the owner, I guess. It probably would be best to make the function shopExists also use the owner too.

I'll do more testing later and try to report back.