Forum Discussion

Kev_B
Advisor
7 years ago

API call to roles collection returning empty for non-moderators

Hi,

Bit of a weird one here: we've built a component to test users' roles against board titles, only displaying the boards that have matching roles.

Trouble is, it only works if the user has the role of moderator.

I'm pulling the roles data like this:

<#assign userID = user.id />
<#assign rolesQuery = "SELECT name FROM roles WHERE users.id = '" + userID + "'" />
<#assign roles = rest("2.0", "/search?q=" + rolesQuery?url) />

I'm then testing 'roles' for results etc. below before proceeding with further lists / conditionals. If I view this as a moderator, all the subsequent content displays; if I view as a non-moderator, nothing below this conditional displays.

<#if roles?? && roles.status?? && roles.status == "success" && roles.data?? && roles.data.size gt 0 && roles.data.items?? && roles.data.items?has_content>

Does anybody have any experience of this? I've tested the query in the API browser and it returns results, so there isn't a problem with pulling results, it seems.

Is there something that prevents these API calls for users if they don't have certain permissions?

  • Kev_B - By restadmim, I mean the restadmin FreeMarker object.

    Lithium does not provide access to all objects to a normal user. A normal user cannot view any other user's roles (just as a normal user cannot view private board messages). However, moderators have access to view other users' roles, and the rest context object makes the call and fetches results according to those permissions.

    Lithium does provide an object, restadmin, which can make a call with admin privileges.

    It's an object to make a REST call with Administrator permissions on behalf of the user viewing the component. This call essentially bypasses permission checks for the current user.

    E.g. your query updated with a restadmin call:

    <#assign userID = user.id />
    <#assign rolesQuery = "SELECT name FROM roles WHERE users.id = '" + userID + "'" />
    <#assign roles = restadmin("2.0", "/search?q=" + rolesQuery?url) />

    However, we should make a restadmin call only when we know the information is shareable with normal users.

    • Kev_B
      Advisor

      I think that might do it; I don't have access to the restadmin stuff on here, so have requested it to be able to amend the code accordingly.

      Thanks :)
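Added example, not code from this thread, from Kev_B, or from Lithium: a guarded version of the component described in the original post, built on the restadmin pattern suggested in the reply above. It assumes Lithium's FreeMarker context objects user (with id and anonymous fields), rest and restadmin, and the v2 LiQL roles (name) and boards (id, title) collections; the thread confirms only user.id, rest, restadmin and the roles query, the rest is assumed. What it shows: because restadmin bypasses the viewer's permission checks, the privileged call is scoped to the viewing user's own id taken from the server-side user object and never from a request parameter; the board list is fetched through the unprivileged rest object so the viewer's own board permissions still apply; and only the derived match result is rendered, never the raw role list.

```freemarker
<#-- Added example, not from the thread. Assumed: Lithium context objects
     user (user.id, user.anonymous), rest, restadmin; LiQL collections
     roles (name) and boards (id, title). -->
<#assign matchingBoards = [] />

<#if user?? && user.anonymous?? && !user.anonymous>
  <#-- Scope the privileged lookup to the viewer's own id, taken from the
       server-side user object. restadmin bypasses the viewer's permission
       checks, so this id must never come from a request parameter. -->
  <#assign userID = user.id />
  <#assign rolesQuery = "SELECT name FROM roles WHERE users.id = '" + userID + "'" />
  <#assign roles = restadmin("2.0", "/search?q=" + rolesQuery?url) />

  <#if roles?? && roles.status?? && roles.status == "success"
       && roles.data?? && roles.data.items?? && roles.data.items?has_content>
    <#-- Collect the role names into a plain sequence for matching -->
    <#assign roleNames = [] />
    <#list roles.data.items as role>
      <#if role.name??>
        <#assign roleNames = roleNames + [role.name] />
      </#if>
    </#list>

    <#-- Boards are read with the unprivileged rest object, so the viewer
         only ever sees boards their own permissions already allow -->
    <#assign boardsQuery = "SELECT id, title FROM boards" />
    <#assign boards = rest("2.0", "/search?q=" + boardsQuery?url) />
    <#if boards?? && boards.status?? && boards.status == "success"
         && boards.data?? && boards.data.items?? && boards.data.items?has_content>
      <#list boards.data.items as board>
        <#-- A board is shown only when its title matches one of the viewer's roles -->
        <#if board.title?? && roleNames?seq_contains(board.title)>
          <#assign matchingBoards = matchingBoards + [board] />
        </#if>
      </#list>
    </#if>
  </#if>
</#if>

<#-- Only the derived result is rendered; the raw role list never reaches the page -->
<#if matchingBoards?has_content>
  <ul>
    <#list matchingBoards as board>
      <li>${board.title}</li>
    </#list>
  </ul>
<#else>
  <p>No boards match your roles.</p>
</#if>
```

The split between the two REST objects is the design choice: restadmin is used for exactly one thing the viewer cannot read for themselves (their own role names), while everything else goes through rest so that a mistake in the component cannot widen what a non-moderator can see beyond their own roles.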
