PHP creating a page_standard asset, editing content gives permissions error

nnhubbard · 2016-12-01 21:18:34 UTC

I am creating a page_standard asset using PHP. Something like this:

function createAsset(Array $asset_spec, Asset &$parent_asset, $schema_id, Array $metadata_mapping)
{
	$attribs = Array();

	echo '- Creating asset';

	// Check Matrix Type Code
	$GLOBALS['SQ_SYSTEM']->am->includeAsset('page_standard');
	$new = new Page_Standard();
	echo '.';
	
	// Set attributes
	$new->setAttrValue('name', $asset_spec['name']);
	echo '.';
	$new->saveAttributes();
	
	// Might need this later
	// $folders_children = $GLOBALS['SQ_SYSTEM']->am->getChildren($asset->id);

	// Link the new asset under the parent folder
	$link = Array(
									'asset'			=> &$parent_asset,
									'link_type'		=> SQ_LINK_TYPE_1,
									'link_value'	=> '',
									'sort_order'	=> 0,
									'is_exclusive'	=> FALSE,
									'is_dependant'	=> FALSE,
								);
	$link_id = $new->create($link);
	echo '.';
	
	$GLOBALS['SQ_SYSTEM']->am->releaseLock($new->id, 'all');
	$GLOBALS['SQ_SYSTEM']->am->acquireLock($new->id, 'all');
	
	$file_contents = "TEST CONTENT";
	
	// Set body contents
	$bodycopy_div = $GLOBALS['SQ_SYSTEM']->am->getAsset($new->id+2);
	$wysiwyg_content = $GLOBALS['SQ_SYSTEM']->am->getAsset($new->id+3);
	if (!is_null($bodycopy_div) && !is_null($wysiwyg_content)) {
		$GLOBALS['SQ_SYSTEM']->setRunLevel(SQ_RUN_LEVEL_FORCED);
			$wysiwyg_content->setContent($file_contents);
			$bodycopy_div_edit_fns = $bodycopy_div->getEditFns();
			$bodycopy_div_edit_fns->generateContentFile($bodycopy_div);
			$new->saveAttributes();
		$GLOBALS['SQ_SYSTEM']->restoreRunLevel();
		$GLOBALS['SQ_SYSTEM']->am->forgetAsset($bodycopy_div, TRUE);
		$GLOBALS['SQ_SYSTEM']->am->forgetAsset($wysiwyg_content, TRUE);
		unset($bodycopy_div);
		unset($wysiwyg_contnet);
		unset($bodycopy_div_edit_fns);
		unset($file_contents);
	}//end if
	$GLOBALS['SQ_SYSTEM']->am->forgetAsset($bodycopy, TRUE);
	unset($bodycopy);

	// Assign metadata schema and values to the asset
	editMetadata($new, $asset_spec, $metadata_mapping, $schema_id);
	echo '.';
	
	$GLOBALS['SQ_SYSTEM']->am->releaseLock($new->id, 'all');

	// Free memory
	$GLOBALS['SQ_SYSTEM']->am->forgetAsset($new);

	echo ' => asset ID '.$new->id."\n";

	return Array(reset($asset_spec) => $new->id);

}//end createAsset()

The problem I am having is, when I view the created asset in the Matrix _admin and try to edit and save the contents, I get permissions errors:

Does anyone have any ideas why I don’t have permissions to edit the assets after I have created them? *I did make sure to switch to the root user when creating the assets then changed back after I was done.

mfong · 2016-12-01 22:33:23 UTC

You shouldn’t run Matrix scripts as the root user, particularly scripts that create or edit assets - you should run them as whichever user Apache or PHP-FPM runs as.

Otherwise, when you try to edit the assets created by the scripts, PHP running in the webserver context won’t have the filesystem permissions to do anything with those assets’ files, and you’ll get the errors you’re seeing.

Use chown to change the owner of those files to the relevant user (you prefer to run Debian, right? On Debian that’s usually “www-data”) and try it again.

nnhubbard · 2016-12-01 23:35:02 UTC

Thanks, that worked!

nnhubbard · 2017-01-10 07:29:45 UTC

I am no longer getting the permission errors, but after creating a few assets I do sometimes get the following error:

| Matrix Warning |
|--------------------------------------------------------------------------------------|
| Unable to create directory: [SYSTEM_ROOT]/data/private/assets/bodycopy_div/0029/9884 |
±-------------------------------------------------------------------------------------+
±-----------------------------------------------------------------+
| Matrix Warning |
|------------------------------------------------------------------|
| Unable to Commit, Transaction has already been aborted [SYS0220] |
±-----------------------------------------------------------------+

Why would Matrix randomly give me this error when other alike assets were just created successfully?

mfong · 2017-01-11 13:56:35 UTC

I’d check the data/private/assets/bodycopy_div/0029 directory. Does it exist? If it exists, what ownership and permissions does it have?

nnhubbard · 2017-01-11 19:26:24 UTC

No, that folder exist. Strange.

mfong · 2017-01-11 22:35:08 UTC

What about the ownership and permissions?

nnhubbard · 2017-01-11 23:43:20 UTC

That folder didn’t exist so I couldn’t check. I am running the script like the following:

sudo -u apache php my_custom_script.php /var/www/matrix 11146

mfong · 2017-01-12 03:26:21 UTC

Oh, so it doesn’t exist?

The number 0029 is interesting. What’ve you got SQ_CONF_NUM_DATA_DIRS set to in data/private/conf/main.inc? (The default is 20.)

nnhubbard · 2017-01-12 06:00:26 UTC

Sorry, I meant that [SYSTEM_ROOT]/data/private/assets/bodycopy_div/0029/9884 didn’t exist. 0029 does exist.

SQ_CONF_NUM_DATA_DIRS is set to 60.

mfong · 2017-01-12 07:20:10 UTC

OK, so again, what ownership and permissions does 0029 have?

(I was asking about SQ_CONF_NUM_DATA_DIRS because the default is 20, in which case 0029 shouldn’t exist. But since you have SQ_CONF_NUM_DATA_DIRS set to 60, that’s perfectly fine.)

nnhubbard · 2017-01-12 17:22:58 UTC

Sorry, the permissions were root:root. It must have been an artifact left over from me running the script as the wrong user. So it would now randomly fail because of that. Changing to apache:apache fixed the issue and the script now completes without problems.

Thanks for sticking with me and helping me solve this!