Forum Discussion

Kev_B
Advisor
7 years ago

API call to roles collection returning empty for non-moderators

Hi, Bit of a weird one here, we've built a component to test users' roles against board titles, only displaying the boards that have matching roles. Trouble is, it only works if the user has...
  • TariqHussain
    7 years ago

    Kev_B - By restadmim, I mean the restadmin FreeMarker object.

    Lithium does not provide access to all objects to a normal user. A normal user cannot view any other user's roles (the same way a normal user cannot view private board messages). However, moderators have access to view other users' roles, and the rest context object makes the call and fetches results according to the permissions.

    Lithium does provide an object restadmin which can make a call with admin privileges.

    It's an object to make a REST call with Administrator permissions on behalf of the user viewing the component. This call essentially bypasses permission checks for the current user.

    E.g., updated your query with a restadmin call.


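    <#-- ?c renders the numeric id without locale digit grouping, so the query matches -->
    <#assign userID = user.id?c />
    <#assign rolesQuery = "SELECT name FROM roles WHERE users.id = '" + userID + "'" />
    <#-- restadmin runs the query with Administrator permissions, bypassing the viewer's own -->
    <#assign roles = restadmin("2.0", "/search?q=" + rolesQuery?url) />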

    However, we should make a restadmin call only when we know the information is sharable with normal users.
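
One way to keep the restadmin call from the reply above limited to information the viewer may see, as an added example that is not part of the original thread or Lithium's own code. The `boardTitles` list is constructed sample data, and the response shape (`status`, `data.items`, `name`) is an assumption about the API v2 search response.

```freemarker
<#-- Added example. boardTitles is a constructed list standing in for the
     board titles the component compares roles against. -->
<#assign boardTitles = ["Partners", "Beta Testers", "Staff"] />
<#assign visibleBoards = [] />

<#-- Anonymous viewers have no roles to look up, so skip the privileged call. -->
<#if !user.anonymous>
  <#-- The id comes from the session's user object, never from a request
       parameter, so the admin-level query can only describe the viewer. -->
  <#assign rolesQuery = "SELECT name FROM roles WHERE users.id = '" + user.id?c + "'" />
  <#assign rolesResp = restadmin("2.0", "/search?q=" + rolesQuery?url) />

  <#-- Assumed response shape: status plus data.items, each with the name field. -->
  <#if rolesResp.status == "success">
    <#list rolesResp.data.items as role>
      <#-- Keep only names that match a board title; all others are discarded. -->
      <#if boardTitles?seq_contains(role.name)>
        <#assign visibleBoards = visibleBoards + [role.name] />
      </#if>
    </#list>
  </#if>
</#if>

<#-- Render matching board titles only. The raw role list never reaches the page. -->
<ul>
  <#list visibleBoards as title>
    <li>${title?html}</li>
  </#list>
</ul>
```

Because the privileged result is filtered server-side before anything is rendered, a normal user learns only which of the listed boards apply to them, not their full role set or anyone else's.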