getMember error 'FORBIDDEN' (permission issue)

Ask the community
, ,
1

I want to create a dynamic reviews repeater showing latest member data on the repeater. Because of that I’m not collection user info when they insert review I’m using _owner and trying to get member data with getMember in the backend using _owner.

But when I try this with a logged in account or a visitor user. I’m seeing an error with a permission error and I don’t know how can I bypass it? Or how can I fix this issue to create dynamic reviews repeater.

I also tried to login with a admin account and there was no problem. I can get the member data for each review. Shortly:

This is my backend getMember function:

 export function getMember(memberId) {
    return wixMembersBackend.members.getMember(memberId, { fieldsets: ['FULL'] })
        .then((memberData) => {
            return memberData;
        })
        .catch((err) => {
            console.error(err)
        })
}

This is my backend code to create dynamic repeater data:

export function getProductReview(productId, skip) {
    return wixData.query("ProductReviews")
        .limit(10)
        .skip(skip)
        .eq("productId", productId)
        .find()
        .then((productReviewsData) => {
            let productReviews = productReviewsData.items;

            if (productReviews.length > 0) {
                productReviews = productReviews.map(async (review) => {
                    let memberData = await getMember("c9e73b46-85a9-48ba-8a66-5595b82f5893")
                        .then((memberData) => {
                            let profilePhoto = memberData.profile.profilePhoto;
                            let memberName = `${memberData.contactDetails.firstName} ${memberData.contactDetails.lastName}`

                            if (profilePhoto) {
                                return {
                                    "profilePhoto": profilePhoto.url,
                                    "memberName": memberName
                                }
                            } else {
                                return {
                                    "profilePhoto": undefined,
                                    "memberName": memberName
                                }
                            }
                        })

                    return {
                        "_id": review._id,
                        "reviewTitle": review.reviewTitle,
                        "review": review.review,
                        "rating": review.rating,
                        "memberName": memberData.memberName,
                        "memberProfilePhoto": memberData.profilePhoto
                    }
                })

                const result = Promise.all(productReviews);
                return result;
            }
        })
        .catch((err) => {
            console.error(err);
        })
}

When I use admin account I’m getting every single data without any problem. But when I try with an non-admin account I can’t get first and last name of user but I can get profile photo.

How can I fix this permission issue?

2

Here is a question: My member id and contact id is different but almost all of my members is same (same member id and same contact id).

Why my contact id is different than my member id and if I use member id to use contact APIs like getContactById() will I see any problem?

It’s not a solution because contacts is not updating when user update his profile pic.

3

Hi LoeiX I’ve had the same type of issue with wixMembers. One thing I’ve noticed is that the contactId is different from the memberId, but only for one person: you (the admin). You can look this up in the private members database collection, which has both a contactId and a memberId field. it is the same for everyone else.