
How to add required permission for Weblate REST translations file upload?


I'm scripting a Weblate (version 4.3.2) installation and I've successfully fetched existing localizations from the Weblate REST API using curl, passing the Authorization Token value from the Weblate profile settings (login, open profile menu from top right, select Settings - API Access and copy-paste the "personal API key").

In short, the GET /api/translations/(string:project)/(string:component)/(string:language)/file/ request works according to documentation at https://docs.weblate.org/en/weblate-4.3.2/api.html#get--api-translations-(string-project)-(string-component)-(string-language)-file- and I'm getting the expected results with pretty good performance.

However, the POST /api/translations/(string:project)/(string:component)/(string:language)/file/ request documented at https://docs.weblate.org/en/weblate-4.3.2/api.html#post--api-translations-(string-project)-(string-component)-(string-language)-file- always fails and results in the following response:

HTTP/2 403 
server: WSGIServer/0.2 CPython/3.8.10
content-type: application/json
vary: Accept,Cookie
allow: GET, POST, PUT, HEAD, OPTIONS
x-ratelimit-limit: 5000
x-ratelimit-remaining: 4878
x-ratelimit-reset: 107
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: same-origin

with the response body

{"detail":"You do not have permission to perform this action."}

The account I'm trying to use is the default admin account of the Weblate installation, so I'd expect it to have all the required permissions. I get a different error if the token is incorrect, so I'm pretty sure this is not related to a token error. The HTTP/2 status in the response is caused by our reverse proxy, and I'd assume that Weblate normally serves HTTP/1.1 traffic only.

I've also granted all possible permissions in Projects - Browse all Projects - (project name) - Manage (menu) - Users; namely "Administration", "Glossary", "Languages", "Memory", "Screenshots", "Sources", "Translate", "VCS".

In addition, I've used the backend Django admin interface, accessible via the Wrench icon in the top right and selecting Tools and Django admin interface. I've granted all the groups that I thought might affect the permissions. In practice, this user account has the following value for "User groups":

Users,Viewers,All@Sources,All@Languages,All@Administration,All@Translate,All@Glossary,All@Memory,All@Screenshots,All@VCS

and it has enabled status for both "Active" and "Superuser status".

Can you suggest anything else to try? It seems like a clear permission problem, but what am I missing?


Solution

  • Most likely the method or conflicts parameters are wrong. The API code raises a permission error in these cases, but it should rather tell the user what is wrong.

    The error messages should be more useful in the next release, I've improved this in https://github.com/WeblateOrg/weblate/commit/4abf2193ed57cb7822db804376c6adde9cccb753
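
As an added example (not part of the original answer or of Weblate's own code), here is a POSIX shell wrapper for the upload request that always sends `method` explicitly, sends `conflicts` only when asked, and prints the HTTP status after the response body. The function name, the environment variable names and the sample arguments are assumptions, and the accepted `method` and `conflicts` values must be taken from the API documentation for your Weblate version.

```shell
#!/bin/sh
# Added example: POST a translation file to Weblate with explicit form fields.
# Assumed environment variables (hypothetical names):
#   WEBLATE_URL    base URL of the installation, e.g. https://weblate.example.com
#   WEBLATE_TOKEN  personal API key from Settings - API access
#   DRY_RUN        if non-empty, print the curl arguments instead of sending

# usage: weblate_upload PROJECT COMPONENT LANGUAGE FILE METHOD [CONFLICTS]
weblate_upload() {
    if [ "$#" -lt 5 ] || [ -z "${WEBLATE_URL:-}" ]; then
        echo "usage: weblate_upload PROJECT COMPONENT LANGUAGE FILE METHOD [CONFLICTS]" >&2
        return 2
    fi
    file=$4 method=$5 conflicts=${6:-}
    url="${WEBLATE_URL%/}/api/translations/$1/$2/$3/file/"
    if [ ! -r "$file" ]; then
        echo "cannot read upload file: $file" >&2
        return 2
    fi

    # Always send method explicitly so the request does not depend on a default.
    # "--header @-" makes curl read the header from stdin, which keeps the
    # token out of the argument list (and so out of ps output).
    set -- --silent --show-error --header @- \
        --form "file=@$file" --form "method=$method"
    # conflicts is optional; omit the field entirely when it is not given.
    if [ -n "$conflicts" ]; then
        set -- "$@" --form "conflicts=$conflicts"
    fi
    # Print the status after the body so a refusal shows both the JSON
    # "detail" message and the status code.
    set -- "$@" --write-out '\nHTTP %{http_code}\n' "$url"

    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$@"      # one argument per line, no token
        return 0
    fi
    if [ -z "${WEBLATE_TOKEN:-}" ]; then
        echo "WEBLATE_TOKEN is not set" >&2
        return 2
    fi
    printf 'Authorization: Token %s\n' "$WEBLATE_TOKEN" | curl "$@"
}

# Example call ("translate" as METHOD is an assumed value; check the API
# documentation of your Weblate version for the accepted ones):
#   weblate_upload myproject mycomponent fi ./fi.po translate
```

Running it once with `DRY_RUN=1` shows exactly which form fields would be sent, which makes a mistyped or missing `method` visible before the server answers with the generic 403.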