API call to roles collection returning empty for non-moderators
- 7 years ago
Kev_B- By restadmim , i mean restadmin freemarker object.
Lithium does not provide access to all object to a normal user. A normal user can not view any other user roles (same as a normal user can not view private board messages). However, moderater have access to view other users roles and rest context object make call and fetch result according to the permissions.
Lithium does provide an object restadmin which can make a call with admin privileges.
it's an object to make a REST call with Administrator permissions on behalf of the user viewing the component. This call essentially bypasses permission checks for the current user.
E.g Updated your query with restadmin call.
<#assign userID = user.id /> <#assign rolesQuery = "SELECT name FROM roles WHERE users.id = '" + userID + "'" /> <#assign roles = restadmin("2.0", "/search?q=" + rolesQuery?url) />
However, we should make restadmin call only when we know the information is sharable with normal users.