Adding a record fails with permission denied #4067
Description
Package version (if known): 3.3
Describe the bug and Steps to Reproduce
I deployed Invenio following the documentation here: https://invenio.readthedocs.io/en/latest/quickstart/quickstart.html
I followed the instruction to create a record: https://invenio.readthedocs.io/en/latest/quickstart/crud-operations.html#crud-operations.
When executing the curl command to add a record:
curl -k --header "Content-Type: application/json" \
--request POST \
--data '{"title":"Some title", "contributors": [{"name": "Doe, John"}]}' \
https://127.0.0.1:5000/api/records/?prettyprint=1
I got Unauthorized (401)
"message": "The server could not verify that you are authorized to access the URL requested invenio
Then I saw documentation on adding a user so I followed the steps here: https://github.com/inveniosoftware/training/tree/v3.1/02-invenio-tour
I created an admin user and got a token for that user. I then added another header to the curl command and it looked like this:
curl -k --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN\
--request POST \
--data '{"title":"Some title", "contributors": [{"name": "Doe, John"}]}' \
https://127.0.0.1:5000/api/records/?prettyprint=1
I got Permission denied (403)
You don't have the permission to access the requested resource. It is either read-protected or not readable by the server.
Expected behavior
As indicated in the documentation, I should get:
{
"created": "2019-11-22T10:30:06.135431+00:00",
"id": "1",
"links": {
"files": "https://127.0.0.1:5000/api/records/1/files",
"self": "https://127.0.0.1:5000/api/records/1"
},
"metadata": {
"contributors": [
{
"name": "Doe, John"
}
],
"id": "1",
"title": "Some title"
},
"revision": 0,
"updated": "2019-11-22T10:30:06.135438+00:00"
}