Getting permission denied when deleting via API

Are there any known issues with the delete function? Every time I try to perform a delete, I get a "Permission denied" response in the message. I'm just using perl lwp

$json = $lwp->delete( $baseurl . $item->{'id'},'key'=>$key);
$decoded_json = decode_json( $json->content );
print Dumper $decoded_json;

returns something like:

ID: 113
$VAR1 = {
'message' => 'Permission denied.'

Assuming that the key is valid, it might be that the user's key doesn't have permission to delete the item.

That's certainly what it acts like.

But I created the key as super user. Just for the heck of it, I tried creating another key but no luck. Is there someplace where I can verify permissions assigned to a key?

Just to clarify and double-check -- the permissions correspond to the user assigned the key, not the user who created the key. So, if you as super user create a key for a user who is has the role "Contributor", that key won't let them do all the things a super user's key will allow.

In other words, Omeka checks the key, and behaves as if the user for that key is logged in, not as if the creator of the key is logged in.

I double checked to make sure the key actually belonged to the super user. Just to be safe, I created a new account with an admin role and assigned a key to that user.

I'm getting the same behavior. No trouble reading, but I get a permission denied error when I try to delete.

If it works for everyone else, I'm wondering if I didn't muck up something in my db somehow?

All super and admin users have blanket permission to delete items. I wonder if the key is somehow not being added to the URL when calling delete().

I found out what's going on. My hosting service has apache configured not to support PUT and DELETE.

I hope that consideration could be made creating GET or POST methods that would provide this functionality in a future version of the API.

Thanks for your input. We've just added support for the X-HTTP-Method-Override header, which you can use to declare an unsupported HTTP method.