ZoneMinder Forums

Posted: **Sun Jun 05, 2016 3:27 pm**

Hello,

I am running Zoneminder v 1.29.0 (installed via zmrepo) on CentOS Linux release 7.2.1511 (Core). I am using OPT_USE_AUTH.
Right now I am trying to integrate external (as in = not via the browser) control via the API.

I have added a new user specifically for this reason and gave him "Edit" rights for "Monitors" only, since I want to limit permissions available to the external access.

After authenticating via

Code: Select all

curl -d "username=XXXXX&password=XXXXXX&action=login&view=console" -c cookies.txt  https://HOST/zm/index.php

I cannot modify the Monitors function like so:

Code: Select all

curl -XPOST https://HOST/zm/api/monitors/X.json -d "Monitor[Function]=None" -b cookies.txt

which gives me:

Code: Select all

"name": "Insufficient privileges",
        "message": "Insufficient privileges",
        "url": "\/zm\/api\/monitors\/X.json",
        "exception": {
            "class": "UnauthorizedException",
            "code": 401,
            "message": "Insufficient privileges",

However when I use the admin account to authenticate instead, it works fine.

When I login to the webinterface using that newly created account, I CAN edit the function of the monitor. So it seems to be an API specific issue.
I have also tried supplying the new accounts with all rights available thru the user interface, to no avail.

Can someone tell me how to fix this? Is additional info required?

ZoneMinder Forums

Issues with Authentication via API

Issues with Authentication via API