Hello,

I get Error 500 when i use exception with custom error code

example response :
"""Server error: POST http://localhost/user/authenticate` resulted in a 500 Internal Server Error response:\n{"error":{"code":2060,"message":"Inactive User","developer":{"file":"/var/www/public_html/app/libra (truncated...)\n"""`

i want to response the error 2060 not 500

Hello!,

I have a couple of questions, I'm supposed to send the post to /users/authenticate/username right?, or is it to /users/authenticate, I've tried both endpoints and I'm getting a "General: Not found" and a "Auth: Bad login credentials", respectively.

Now, trying stuff out I thought that maybe the DB will be the problem, I've discovered that not matter the configuration of my db in the server.develop.php, it doesn't seem to make any difference, no errors are thrown, any thoughts?, I have no idea what I'm doing wrong.

This is the code I'm using to test it.
Thanks!

<?php
$url = 'http://localhost/phalcon-rest-boilerplate/users/authenticate/';

//$header = ["Authorization: 'Basic ZGVtbzp0ZXN0MTIz'"];
$header = ["Authorization: 'Basic " . base64_encode("demo:test123") . "'"];

$ch = curl_init();

curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_HEADER, TRUE);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLINFO_HEADER_OUT, TRUE);

$response = curl_exec($ch);
echo PHP_EOL;
echo "Request: " . PHP_EOL;
echo curl_getinfo($ch, CURLINFO_HEADER_OUT);    
echo PHP_EOL;

echo "Response:" . PHP_EOL;
echo $response; 
echo PHP_EOL;

curl_close($ch);

Hello!
I've added the following endpoint on userResource file:
->endpoint(ApiEndpoint::create() ->allow(AclRoles::ALL_ROLES))

In my userController, I've the following function:
`public function transformPostData($data)
{
$result = [];
foreach ($data as $key => $value) {
//Encrypt password
if($key == "password"){
$crypted_password = $this->security->hash($value);
$result[$key] = $crypted_password;
}else{
$result[$key] = $value;
}
}

    return $result;
}`

It seems to work as expected, I can register a user, the password is stored on database crypted.

But, when I try to authenticate, using Postman, iI get the following error:

{ "error": { "code": 2020, "message": "Authentication: Login Failed", "developer": { "file": "C:\\PROJECT\\LOCATION\\PROJECT_NAME\\api\\vendor\\redound\\phalcon-api\\src\\PhalconApi\\Auth\\Manager.php", "line": 122, "request": "POST /PROJECT_NAME/api/users/authenticate" } } }

I cant identify what Im missing here, is there another way to crypt the password? Is my way not compatible with Redound API?

I hugely appreciate any help.

Thank you in advance!

I was trying to setup your skeleton app and could not find the DB schema anywhere.

在documentation页面中,Collection添加多个ApiEndpoint 只显示最后一个,怎么修复这个问题呢?
In the documentation page, Collection add multiple ApiEndpoint only show the last one, how to fix this problem?

First of all thumbs up for all your impressive work on this boilerplate! A very simplified and quick way of setting up an API.

I've however come across an issue of which I'm not sure it is a bug or just idiotic use. Probably the latter... :-)

It seems in the \App\Resources\UserResource class it does not matter how I setup the ACL for ApiEndpoint::get and ApiEndpoint::post routes (I haven't tested this for other request methods). They will always be accessible no matter if a user is logged on or not (even on no Authorization key). Even if I deny AclRoles::ALL_ROLES the method will still be executed in stead of returning an access denied message. It doesn't seem to matter whether I deny access to the entire resource or just on all endpoints in the resource.

The strange thing is that the ACL will be enforced on ApiEndPoint::all routes.

I'm hoping someone can help me with this issue as I said before I really like this approach of setting up an API.

Kind regards, Rick

I imported your schema.sql and tried to use this project. But this error persists:
http://prntscr.com/9e57lr

I think I'm not inserting the user record correctly.

How should I fill the password field? I'm inserting as a plain text for testing purposes.
http://prntscr.com/9e5eeh

how for the first time of initial authentication user login

because, I tried the results like this: http://prntscr.com/9z9ry3

How can i get a many to many relation in the json response ?
I can't find this in the documentation…
Thanks.

First of all, thank you. You did an amazing work here. I didn't install the project yet, but apparently this is very well structured.

I have some questions:

1. Is this project ready for production?
2. How is the authentication working? I tried to follow your code through every single file, but I don't understand how your authentication is working, I can't find anything related to tokens in your schema.sql, or something that could storage any authentication information when the user makes requests.
3. What is that "whitelist" in model files?
4. Is search functions implemented? orders, limits... Is this part of that Fractal package?
5. I have seen something about ACL in your code, this is a great feature. I would like to use it, but I already modeled my database with my own ACL relations, do you think I can make it work with your ACL easily? I know this is a relative question (it depends on my experience in programming), but I just wanted to hear something from you, haha.
6. This is not a question, just: I would like to see a better documentation of your project. For now, this is the only thing I'm missing in your project.

But again, thank you for sharing your project with us, this will be very helpful for most of my projects!

Hi,
The .htaccess setting is :

IMPORTANT TO GET JWT FROM HEADERS

RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule . - [e=HTTP_AUTHORIZATION:%1]

how change to nginx setting.???

your link for "this database scheme" doesnt work.

When using the 'fields' parameter I'm getting an error.

This is the error:
Notice: Undefined property: Phalcon\Mvc\Model\Row::$PropertyType in /var/app/current/vendor/redound/phalcon-rest/src/PhalconRest/Transformers/ModelTransformer.php on line 129
Notice: Undefined property: Phalcon\Mvc\Model\Row::$5thBedroomDimensions in /var/app/current/vendor/redound/phalcon-rest/src/PhalconRest/Transformers/ModelTransformer.php on line 129
Notice: Undefined property: Phalcon\Mvc\Model\Row::$ZipCode in /var/app/current/vendor/redound/phalcon-rest/src/PhalconRest/Transformers/ModelTransformer.php on line 129
Notice: Undefined property: Phalcon\Mvc\Model\Row::$ZipCodeLast4Digits in /var/app/current/vendor/redound/phalcon-rest/src/PhalconRest/Transformers/ModelTransformer.php on line 129
Notice: Undefined property: Phalcon\Mvc\Model\Row::$CoListingAgentName in /var/app/current/vendor/redound/phalcon-rest/src/PhalconRest/Transformers/ModelTransformer.php on line 129
Notice: Undefined property: Phalcon\Mvc\Model\Row::$AgentsOfficeExtension in /var/app/current/vendor/redound/phalcon-rest/src/PhalconRest/Transformers/ModelTransformer.php on line 129
Notice: Undefined property: Phalcon\Mvc\Model\Row::$AgentPhone in /var/app/current/vendor/redound/phalcon-rest/src/PhalconRest/Transformers/ModelTransformer.php on line 129
Notice: Undefined property: Phalcon\Mvc\Model\Row::$Area in /var/app/current/vendor/redound/phalcon-rest/src/PhalconRest/Transformers/ModelTransformer.php on line 129 
Notice: Undefined property: Phalcon\Mvc\Model\Row::$AssocFeePaidPer in /var/app/current/vendor/redound/phalcon-rest/src/PhalconRest/Transformers/ModelTransformer.php on line 129

the mentioned error repeats it self all over the page, but with diff 'property'.
?fields=known_field
2. when entering a non exist value in the 'fields' param, I'm getting an 'OK' error. (expected)
?fields=un_known_value
3. when entering an unknown type of 'param', I'm getting an 'OK' error (expected)
?un_known_fields=value

I need to resolve issue 1.

Thanks,
A.I

Hi guys.

I get this, https://i.imgur.com/TTpP2jQ.png just after a clone of boilerplate & composer update/install.

APPLICATION_ENV variable has been set, i have changed config files.

I need to know the scope of the incoming parameter in the controller.

this is the endpoint

 ->endpoint(
                ApiEndpoint::post('/{dir}','uploads')
                    ->allow(AclRoles::ADMIN_ROLES)
                    ->description('图片上传,dir 为目录名,如article')
                    ->name('upload')

this is the method ,$dir is the parameter,

    public function uploads($dir)
    {
        $this->parameterCheck($dir);
  }
function get_variable_name(&$var, $scope = NULL) {
        if (NULL == $scope) {
            $scope = $GLOBALS;
        }
        $tmp  = $var;
        $var   = "tmp_exists_" . mt_rand();
        $name = array_search($var, $scope, TRUE);
        $var   = $tmp;
        return $name;
    }

  public function parameterCheck($parameter){
        $dirName = $this->filter->sanitize($parameter,'string');
        $parameterName = $this->get_variable_name($parameter); 
        var_dump($parameterName);//I think it is dir,but it is boolean false , the scope can`t find it 
        var_dump($dirName ); //{dir}
        exit();
       if(empty($parameter) or $parameter == '{'.$parameterName.'}'){
            throw new YnException(ErrorCodes::POST_DATA_NOT_PROVIDED,'参数无效');
        }
    }

Hi,

is there an implemented way to handle flat file up- and downloads? I see that firebase allows for the query param ?download= to transform the response into an file download. Is there any designated way to implement that behaviour? The boilerplate works with a photo example unfortunately without actually handling the corresponding image files. I'm having a little trouble finding a good way to implement handling of flat files without deviating from the well structured ways too much.

Would be grateful for any tips.

Thank you
Phil

Hi,

I´m new and is hard to understand.
if anyone have time, can fork this with an working frontend-example?
many thanx.

Hello,

Do you have the code of .htaccess to Nginx?

Thanks a lot!

I greatly appreciate all your attention and help. Things are working better however now that I get my authtoken back, every time I try to pass it in the header I still get an "Unauthorized" error. I am using php-fpm and nginx as the server and I think I have everything setup properly there, especially since the INVO app is also running on that server and works just fine. Is the header for the auth supposed to be an array that resembles: ["AuthToken: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..............","Expires: 1434815740","Content-Type: application/json","Content-Length: 100"] ? It seems like the things I keep missing are simple, but without documentation, it is hard to jump in on this and get it figured out. Thanks again for the help.

I modified a test script to allow me to test the API, and I can get it to register a user, and activate a user, but when I try to authenticate it returns: {"error":{"code":3008,"status":400,"developer":null,"message":"Auth: Invalid authentication bearer type"}}

I have tried to debug this issue and it seems like the getAccount() function is getting the username value instead of the bearer type. Below is the code I am using for the test:

<?php
if (!function_exists('curl_init')) {
    die('Curl module not installed!' . PHP_EOL);
}

$route = '/users/authenticate/testuser';

if (isset($argv[1])) {
    $host = 'http://' . $argv[1] . $route;
} else {
    $host = "http://api.example" . $route;
}

$headers = ["Authorization: 'Basic ".base64_encode("testuser:testpass")."'"];
$ch = curl_init();

curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
curl_setopt($ch, CURLOPT_URL, $host);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_HEADER, TRUE);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLINFO_HEADER_OUT, TRUE);

$result = curl_exec($ch);
if ($result === FALSE) {
    echo "Curl Error: " . curl_error($ch);
} else {
    echo PHP_EOL;
    echo "Request: " . PHP_EOL;
    echo curl_getinfo($ch, CURLINFO_HEADER_OUT);    
    echo PHP_EOL;

    echo "Response:" . PHP_EOL;
    echo $result; 
    echo PHP_EOL;
}
curl_close($ch);
?>

Thanks.

Hello, I started a project 4 years ago and have decided to pick up where I left off. Sometime ago I had upgraded various brew packages and phalcon upgraded to 4.x which breaks your code.

I've spent a number of hours trying to upgrade the calls and deprecated methods and I'm having no luck. Just wondering if by any chance this is something you'd update......?
Thanks.

Hello.

Nice work you have here. Thank you for that.

I started modifying this boilerplate to fit my needs but I would like to hide some properties for some roles (or show them only to certain roles).
For now, my best option is to modify the method ModelTransformer::excludedProperties() to change the excluded properties according to the current user role. Is there any other way?

Thank you for your attention.

Hi all!

I'm having some issues with the setup of related models.

I have the following models:

CrmCustomer.php

namespace App\Model;

class CrmCustomer extends \App\Mvc\DateTrackingModel
{

    /**
     *
     * @var integer
     */
    public $id;

    /**
     *
     * @var string
     */
    public $name;

    /**
     *
     * @var integer
     */
    public $hq_address_id;

    /**
     *
     * @var integer
     */
    public $invoice_address_id;

    /**
     *
     * @var string
     */
    public $url;

    /**
     *
     * @var string
     */
    public $telephone;

    /**
     *
     * @var string
     */
    public $fax;

    /**
     * Initialize method for model.
     */
    public function initialize()
    {

        $this->belongsTo('hq_address_id', CoreAddress::class, 'id', ['alias' => 'Hq']);
        $this->belongsTo('invoice_address_id', CoreAddress::class, 'id', ['alias' => 'Inv']);
    }

    /**
     * Returns table name mapped in the model.
     *
     * @return string
     */
    public function getSource()
    {
        return 'crm_customers';
    }

    /**
     * Returns column names mapped in the model.
     *
     * @return string
     */
    public function columnMap()
    {
        return parent::columnMap() + [
            'id' => 'id',
            'name' => 'name',
            'hq_address_id' => 'hq_address_id',
            'invoice_address_id' => 'invoice_address_id',
            'url' => 'url',
            'telephone' => 'telephone',
            'fax' => 'fax'
        ];
    }
}

CoreAddress.php:

<?php

namespace App\Model;

class CoreAddress extends \App\Mvc\DateTrackingModel
{
    public $id;
    public $street_1;
    public $street_2;
    public $street_3;
    public $city;
    public $county;
    public $postcode;
    public $common_countries_id;

    /**
     * Returns table name mapped in the model.
     *
     * @return string
     */
    public function getSource()
    {
        return 'core_addresses';
    }

    /**
     * Returns column names mapped in the model.
     *
     * @return string
     */
    public function columnMap()
    {
        return parent::columnMap() + [
            'id' => 'id',
            'street_1' => 'street_1',
            'street_2' => 'street_2',
            'street_3' => 'street_3',
            'city' => 'city',
            'county' => 'county',
            'postcode' => 'postcode',
            'common_countries_id' => 'common_countries_id'
        ];
    }

    /**
     * Initialize method for model.
     */
    public function initialize()
    {
        $this->belongsTo('common_countries_id', CommonCountries::class, 'id', [
            'alias' => 'CommonCountries',
        ]);
        $this->hasMany('id', CrmCustomer::class, 'hq_address_id', ['alias' => 'CrmCustomerHqs']);
        $this->hasMany('id', CrmCustomer::class, 'invoice_address_id', ['alias' => 'CrmCutomerInvs']);
    }
}

In the CrmCustomerTransformer.php file I have:

<?php

namespace App\Transformers;

use App\Model\CrmCustomer;
use PhalconRest\Transformers\Transformer;

class CrmCustomerTransformer extends Transformer
{
    protected $availableIncludes = [
        'hq_address',
        'inv_address'
    ];

    public function includeHqAddress(CrmCustomer $res)
    {
        return $this->collection($res->getHq(), new CoreAddressTransformer());
    }

    public function includeInvAddress(CrmCustomer $res)
    {
        return $this->collection($res->getInv(), new CoreAddressTransformer());
    }

    public function transform(CrmCustomer $res)
    {
        return [
            'id' => $this->int($res->id),
            'name' => $res->name,
            'url' => $res->url,
            'telephone' => $res->telephone,
            'fax' => $res->fax,
            'hq_address_id' => $this->int($res->hq_address_id),
            'invoice_address_id' => $this->int($res->invoice_address_id),
            'updated_at' => $res->updated_at,
            'created_at' => $res->created_at
        ];
    }
}

and in the CoreAddressTransformer.php file:

<?php

namespace App\Transformers;

use App\Model\CoreAddress;
use PhalconRest\Transformers\Transformer;

class CoreAddressTransformer extends Transformer
{

    public function transform(CoreAddress $res)
    {
        return [
            'id' => $this->int($res->id),
            'street_1' => $res->street_1,
            'street_2' => $res->street_2,
            'street_3' => $res->street_3,
            'city' => $res->city,
            'county' => $res->county,
            'postcode' => $res->postcode,
            'country' => $res->getCommonCountries(),
            'updated_at' => $res->updated_at,
            'created_at' => $res->created_at
        ];
    }
}

Whenever i try and go to the endpoint:

localhost/crm/customers?include=hq_address

i get the following error message:

<br />
<b>Catchable fatal error</b>:  Argument 1 passed to App\Transformers\CoreAddressTransformer::transform() must be an instance of App\Model\CoreAddress, string given, called in /Users/rbrowne/Dropbox/api/vendor/league/fractal/src/Scope.php on line 338 and defined in
<b>/Users/rbrowne/Dropbox/api/app/library/App/Transformers/CoreAddressTransformer.php</b> on line
<b>11</b>
<br />

If I leave the include parameter off the end of the endpoint address, i get the list of customers; so it's generally working, but for some reason I can't get the includes to work on my models. If I add $res->getHq() to the transform function then it returns the HQ address as expected.

I've reviewed all my code and I've tested the sample models - these work as expected. I cannot see what the difference is between my code and the code provided in the samples.

Any help or pointers would be greatly appreciated - I fear it's so obvious, but I just can't see it.

After updating and sending the request in postman I get the following error,

{
  "error": {
    "code": 1030,
    "message": "General: Not Found",
    "developer": {
      "file": "C:\\xampp\\htdocs\\phalcon-boilerplate\\vendor\\redound\\phalcon-rest\\src\\PhalconRest\\Middleware\\NotFoundMiddleware.php",
      "line": 16,
      "request": "POST /phalcon-boilerplate/users/authenticate"
    }
  }
}

Hi! It's me again, hahaha.
I don't know how to use the search feature, how can I implement this feature in a controller (for example, in the ProductController of this boilerplate project)?
Also, is there a way to easily change the name of the "users" table without having to change the library itself? I would like to use the table in singular ("user" instead of "users"), and I want to use email field, instead of username.
Thank you for your help. I already read all from the new documentation. It's way better than before!

Hello,
How can i remove the current authorization token (Unauthorized the current token) or logout the current user ???

Regards,

I've created fresh testing env, GET / (or any other URL) generates:
{"error":{"code":0,"message":"Collection requires a main handler","developer":{"file":"phalcon/mvc/micro.zep","line":374,"request":"GET /phalcon-rest-boilerplate/"}}}

Hi @olivierandriessen ,

i just pulled the changes from #13 and now i get.

https://i.imgur.com/Nlf2wEI.png

Hi,

after composing the boilerplate according to guide I get the:
Class 'PhalconRest\Collection\ResourceCollection' not found
error in:
phalcon-rest-boilerplate\app\bootstrap\collections.php on line 3

The according composer libraries are there in folder vendor/phalcon-rest/src/PhalconRest but I too can't find the said class. Maybe some composer misconfiguration after the last merge?

Would be great to get a hint on that one.

Thanks
Phil

Documentation (documentation.html / postman.json / documentation.json) does not display all endpoints; for example for "User" resource it's not showing "/me" endpoint.

Is it possible to add paging data in the endpoint all?

Is it possible to force a default limit on this endpoint?

It would be very useful to have paging information such as total records, items per page, and number of pages.

I feel surprised when i see the Query Syntax and Access Control designs. My first feel the Query Syntax is similar to Mongodb. That is hard work I think. Thanks for it.

After That, I spend the whole day to see the source code and document. Because i want to apply it to my new project. But i will not to use it now. Because it is unfamiliar to me now.

But, after checking the code and document. I have some questions about it. Below are what i thinking about now:

• Why it don't handle the pagination. I mean the API should return like the meta page, total. Do it myself is ok. That good if it can provide.
• The Query Syntax Having make no sense if it cannot be used with group by in mysql.??
• If I use more than two IN condition. But the relationship is or not and. But i cannot do it now.

If i call api like this:

/albums?in={"id": [1], "title": ["Album 1"]}

The result is id IN (1) AND title IN ("Album 1"). But I want to search like this:

SELECT * FROM photo WHERE id IN(1,2) or album_id IN(2);

• The fields query condition cannot filter the field. ps: I download the v1.3.7 release.

I call api like this:

/albums?fields=title

But the result is not my expect

{
  "albums": [
    {
      "id": 1,
      "title": "Album 1",
      "createdAt": "2016-02-28T11:28:33Z",
      "updatedAt": "2016-02-28T11:28:33Z"
    },

    ....and so on
  ]
}

Thanks. Sorry my bad english, I try my best.

I don't know what to do, if I auth and then make a GET request in url/users?token=... using the example schema, everythings goes well with this result:

{ "users": [ { "id": 1, "role": "client", "email": "[email protected]", "username": "demo", "firstName": "Demo", "lastName": "Account", "location": null, "createdAt": "2015-12-28T16:20:58Z", "updatedAt": null } ] }

Now, I changed to my own database, with its own user table structure. If I use authenticate, everything goes well with the following response:

{ "data": { "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJlbWFpbCIsInN1YiI6IjM1OCIsImlhdCI6MTQ2MTM2NTczNywiZXhwIjoxNDYxOTcwNTM3fQ.54eOteQAqg1Ava5ooKcjsoosCmmZ5_Jeks3Hnqt5Sx8", "expires": 1461970537, "user": { "parent": { "id": 358, "image_id": null, "name": "Thiago Novo", "email": "[email protected]", "phone": "4491225631", "type": "client", "date_updated": "2016-04-13 15:26:34", "date_created": "2016-04-13 15:26:34", "status": 1 } } } }

But then if I make the request to "url/users?token=...", the result comes empty, with nothing, without any users, and any errors...

I don't know how to explain the problem better... That's it. I wanted to know where is the potential places that I have to change in code when dealing with a collection of Users. Note that in the example, everything is returning great. But when I change to my own model, then even if I can authenticate, and use the find() method, nothing shows when I use the Endpoint::all(); in users resource.

Hello everyone,
First of all, CONGRATULATIONS for this amazing boilerplate!

I've a huge doubt about SQL execution.
I'd like to execute RAW SQL statements or even PHQL on my controllers/models. But I can't find a way to make it works and there's no example in the project using a raw PHQL in the current controllers/models.

Could someone guide me please?

Thank you advance!

How i can create some 'nested collections' like /article/{id}/comments ?

I can get the users/authorize function to work, but every time I try to use users/login/ I get: "error":{"code":3007,"status":404,"developer":null,"message":"Auth: No username present"}}.

I have tried using both get and post methods to allow for the login to work. the user string that I am using is: /users/login?bearer=1&username=test&password=test

I am running this on an nginx server and I have the url rewriting setup. Here is what the server is getting: rewritten data: "/index.php", args: "_url=/users/login&bearer=1&username=test&password=test"

Warning: Declaration of App\Transformers\DepartementTransformer::transform(App\Model\Departement $departement) should be compatible with PhalconRest\Transformers\ModelTransformer::transform($item) in C:\xampp\htdocs\MiC\app\library\App\Transformers\DepartementTransformer.php

`use App\Model\Departement;
use PhalconRest\Transformers\ModelTransformer;

class DepartementTransformer extends ModelTransformer
{

protected $modelClass = Departement::class;

public function transform(Departement $departement)
{
    return [
        'id' => $this->int($departement->id),
        'name' => $departement->name,
    ];
}

}`

Hi,

I'm seemingly unable to overwrite access for one of the built in factory endpoints like so:

$this->deny(AclRoles::UNAUTHORIZED, AclRoles::USER, AclRoles::MANAGER)
            ->name('Recognition')
            ->model(Recognition::class)            
            ->transformer(RecognitionTransformer::class)
            ->itemKey('recognition')
            ->collectionKey('recognitions')                
            ->endpoint(Endpoint::create()
              ->allow(AclRoles::MANAGER)
            );

My goal is to restrict the acces for all factory endpoints but CREATE. The easiest way for me seemed to first deny and then overwrite the restriction for the specific case as stated in the docu. Somehow this doesn't seem to work since I'm always getting an Access denied answer.

Any ideas on how to solve this or what might be wrong?

Thanks in advance
Phil