sullysnack
Khoros Alumni (Retired)
9 years ago

API for /view/allowed state of a board, but not for current user

Hi Lithium developers,

In a custom component, on a forum topic page, is there a way to figure out if the topic's board node is publicly viewable?

I am familiar with this REST API call:

/boards/id/${board.id}/view/allowed

but it seems to give true or false only for the current user based on his/her role permissions. Say the current user is an admin or a moderator, can the custom component know if topics in the current board can be visited by an anonymous visitor?

Thanks,

Dave

6 Replies

  • ChhamaJ
    Khoros Staff
    9 years ago
    Hi There,

    The REST call in the custom components is run using the current user's context. Can I know the use case so that I can advise you better?

    Regards,
    Chhama
  • sullysnack
    Khoros Alumni (Retired)
    9 years ago

    Yes, consider a custom social sharing widget which appears on all forum topic pages. The widget will show on topic pages of active admin-only boards. When an administrator shares the topic page URL to Facebook, Facebook's OG info parser cannot access the URL. When an administrator shares the topic page URL to Twitter, any recipient of the tweet can click on the URL but will see either a Lithium error page or the Lithium login page. If a regular user logs in, they'll see a permission denied error. We want to prevent any user with elevated permissions from ever sharing a protected post publicly.
  • ChhamaJ
    Khoros Staff
    9 years ago

    Got it. For this you will have to create a component on the client side and not the server side. Use JavaScript to create the component and make the boards/id/${board.id}/view/allowed or messages/view/allowed API call as an anonymous user. If it returns true, then share it, else not. Currently there is no way you can achieve this via FreeMarker since all the REST calls run as the user in context.

    Hope this helps.


    Regards,
    Chhama

  • sullysnack
    Khoros Alumni (Retired)
    9 years ago

    What's the best way to make a Lithium API call anonymously via JS? When the browser session is authenticated w/ a user w/ elevated permissions, we're seeing that typical ajax calls to direct API URLs or to custom endpoints carry the user context.
  • ChhamaJ
    Khoros Staff
    9 years ago
    You might need to use an API proxy to get that working. Talk to support to set up an API proxy for you and they can guide you with the process.

    Hope this helps.

    Regards,
    Chhama
  • sullysnack
    Khoros Alumni (Retired)
    9 years ago

    Hi Chhama,

    Thank you. Support pointed me in the right direction. I now have a solution.
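
Added example, not part of the thread and not Khoros code: a client-side sketch of the check discussed above, which asks the view/allowed call without the browser's session credentials and shows the share widget only on an explicit "true". It uses the standard fetch option `credentials: "omit"` rather than the API proxy the thread ended on. Assumptions: the `/restapi/vc` base path, the XML response shape, and that the community treats a cookie-less request as an anonymous visitor.

```javascript
// Assumed REST base path (not given in the thread).
const REST_BASE = "/restapi/vc";

// Build a request that carries no session cookie or HTTP auth, is never
// served from cache, and fails instead of following a redirect to a login page.
function anonymousRequest(boardId) {
  return {
    url: `${REST_BASE}/boards/id/${encodeURIComponent(boardId)}/view/allowed`,
    init: { credentials: "omit", cache: "no-store", redirect: "error" },
  };
}

// Fail closed: only HTTP 200 + status="success" + an explicit boolean "true"
// counts as publicly viewable. Error pages, login HTML, or anything
// unparseable means "do not offer sharing".
// Assumed body shape: <response status="success"><value type="boolean">true</value></response>
function anonymousViewAllowed(httpStatus, body) {
  if (httpStatus !== 200 || typeof body !== "string") return false;
  if (!/<response[^>]*\bstatus="success"/.test(body)) return false;
  const m = body.match(/<value[^>]*>\s*(true|false)\s*<\/value>/);
  return m !== null && m[1] === "true";
}

// Resolves to true only when an anonymous visitor may view the board.
// Network errors and blocked redirects resolve to false.
async function canShareBoard(boardId, fetchImpl = fetch) {
  try {
    const { url, init } = anonymousRequest(boardId);
    const res = await fetchImpl(url, init);
    return anonymousViewAllowed(res.status, await res.text());
  } catch (_) {
    return false;
  }
}

// Hypothetical wiring in the component: reveal the widget only after the check.
// canShareBoard(boardId).then((ok) => { shareWidget.hidden = !ok; });
```

Hiding the widget is a UI guard only: the board's permissions remain the actual access control, and a privileged user can still copy the URL by hand.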