Interal API permission issues

[a2b]

I am using a basic internal request and continue to receive the follow error despite the use of the correct token_auth:

"You can't access this resource as it requires a 'superuser' access."

$request = new Piwik_API_Request('                        
                        method=UsersManager.getUsers
                        &token_auth=c11c87e44b5c98a387e2968dc22fa4dc');   
$result = $request->process();

I can go to the API in the admin panel and click the getUsers and it gives results to the browser just fine. Same token_auth in the URL as well. If you simply modify misc/api_internal_call.php to call UsersManager.getUsers and remove the extra data it loads when in the same browser (probably because I am logged in as admin). If I try a different browser it will not work. The token_auth appears to have no effect on authorizing the request.

In my specific implementation, I do not even want Piwik handling my sessions when using the internal API.

I have tested this on 0.2.9 as well as Release 634 from svn.

[matt]

Thank you for the report. This bug was harder to fix than I initially thought. please use latest SVN and report any pb. patched in [661]

rules: * calling from any module (except module=API), cookie will be checked * calling from module=API, cookie won't be checked.

* calling from any module= (or no module= for example the case of misc/api_internal_call.php) **if using API_Request without specifying a token_auth, API_Request will use existing access (cookie if available, otherwise show permission error) **if using API_Request specifying a token_auth, API_Request will reload access for this token_auth