Besjan Xhika asked

Group Admin CANNOT invite newly registered users.

All requests are run one after the other:

- "Admin" registers new user (using PlayFabClientAPI.RegisterPlayFabUser): SUCCESS

- "Admin" updates newly registered user's contact email (using PlayFabClientAPI.AddOrUpdateContactEmail): SUCCESS

- "Admin" retrieves newly registered user's AccountInfo.TitleInfo.TitlePlayerAccount.Id (using PlayFabClientAPI.OnGetAccountInfo): SUCCESS

- "Admin" invites newly registered user to group (using PlayFabClientAPI.InviteToGroup): FAILURE


Error Message:

/Group/InviteToGroup: The claim was not allowed to perform the requested action based on the entity's access policy. Policy comment: By default, all requests are denied. If you expected this request to succeed, you may be missing a policy. See the permissions APIs in PlayFab's Admin Api to add a permission.


- Using Unity

- "Admin" has "admins" role of all related groups, so by default this should not be a problem.

- Modified "ENTITY GLOBAL TITLE POLICY" to include:

    {
      "Action": "*",
      "Effect": "Allow",
      "Resource": "pfrn:group--*!*/*",
      "Principal": {
        "MemberOf": {
          "RoleId": "admins"
        }
      },
      "Comment": "Allow members of the group administrator role to do anything with the group",
      "Condition": null
    }


and all Group's Policy settings were updated accordingly, so I don't think it is actually a "permission" issue.

- Added a 20-second gap between user registration and group invitation requests but it didn't change anything.


Any suggestions would be greatly appreciated, thank you.

Citrus Yan answered

My title's "ENTITY GLOBAL TITLE POLICY" doesn't have such a policy defined and the "invites" work well. If you believe there is something wrong with your title, please provide your title id so we can have a look.

Citrus Yan answered

I don’t follow what you mean by “‘Admin’ registers new user (using PlayFabClientAPI.RegisterPlayFabUser)”. RegisterPlayFabUser is only a client API which registers a new player with no “admin” role in any group at all, therefore you cannot use InviteToGroup to invite other players. You’d need to first use CreateGroup to create a group for the player (with an admin role by default) and then call InviteToGroup to invite others to its group.

3 comments

Besjan Xhika commented ·

Thank you for the reply.

Yes, RegisterPlayFabUser might be irrelevant, but I just wrote the requests in order, and this one works fine, but not the InviteToGroup request.

And all the requests are Client API also, so the whole thing is meant to be the user experience in our app.

By "Admin" I mean that the currently logged in user has "admins" role for the group they are trying to add the newly registered user to (with "members" role).

They successfully register a new user and I just want to add the new user in a "default" group.

The group is already created in PlayFab and again the logged in user has already "admins" role for this group.

With same data and same code this works!

I don't think it is a time issue or a request order, because I tried to repeat the InviteToGroup every 1 sec but it always failed.

Citrus Yan commented (replying to Besjan Xhika) ·

If the currently logged in user has the "admins" role for the group they are trying to add the newly registered user to, InviteToGroup simply works, not sure why you were having the issue though.

Besjan Xhika commented ·

In "isolation" this works:

- I copy-paste the exact same data: group EntityKey, user EntityKey, group RoleId.

- And in the same Play session I execute the same function with the same data from the inspector (using Odin), and it works, I can see the pending invitation in PlayFab.

Besjan Xhika answered

I figured it out:

Although the Policy is defined in the Title's "ENTITY GLOBAL TITLE POLICY", I still have to include the Title Entity as shown below:

    {
      "Action": "*",
      "Effect": "Allow",
      "Resource": "pfrn:group--*!*/*",
      "Principal": {
        "ChildOf": {
          "EntityType": "title",
          "EntityId": "xxxxx"
        },
        "MemberOf": {
          "RoleId": "admins"
        }
      },
      "Comment": "Allow members of the group administrator role to do anything with the group",
      "Condition": null
    }

But I should not need to have such a Policy in the first place for group "admins" to invite members, which should work by default.

Either something is wrong with our Title, or this is a bug from PlayFab.
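
The difference between the two policy statements posted in this thread, as an added example that is not part of the original posts and not PlayFab's own code: a small Python check that flags an Allow statement whose Principal names a group role via MemberOf without the ChildOf title scope the poster found necessary, and marks a wildcard Action on a wildcard Resource for review. The function name, the finding labels and the idea of feeding it an exported list of statements are assumptions.

```python
import copy

# Constructed sample input: the two statements shown in this thread.
BEFORE = {
    "Action": "*",
    "Effect": "Allow",
    "Resource": "pfrn:group--*!*/*",
    "Principal": {"MemberOf": {"RoleId": "admins"}},
    "Comment": "Allow members of the group administrator role to do anything with the group",
    "Condition": None,
}
AFTER = copy.deepcopy(BEFORE)
AFTER["Principal"]["ChildOf"] = {"EntityType": "title", "EntityId": "xxxxx"}  # placeholder id from the post


def audit_statements(statements, title_id=None):
    """Hypothetical helper: return (index, finding) pairs for Allow statements.

    Findings reflect what this thread reports, not documented PlayFab rules:
    - role-principal-without-title-scope: MemberOf present, ChildOf missing
    - title-scope-mismatch: ChildOf names a different title than expected
    - wildcard-action-on-wildcard-resource: broad grant worth a manual review
    """
    findings = []
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        if not isinstance(principal, dict):  # e.g. a bare string principal
            principal = {}
        child_of = principal.get("ChildOf")
        if "MemberOf" in principal and not child_of:
            findings.append((i, "role-principal-without-title-scope"))
        elif child_of and title_id and child_of.get("EntityId") != title_id:
            findings.append((i, "title-scope-mismatch"))
        if st.get("Action") == "*" and "*" in str(st.get("Resource", "")):
            findings.append((i, "wildcard-action-on-wildcard-resource"))
    return findings


if __name__ == "__main__":
    for name, st in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_statements([st], title_id="xxxxx"))
```

The wildcard finding remains on the corrected statement because it still grants every action on every group to the "admins" role; narrowing Action to the group operations actually needed is a separate decision from the ChildOf fix.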
