API for /view/allowed state of a board, but not for current user

Question

&nbsp;Hi Lithium developers,&nbsp;In a custom component, on a forum topic page, is there a way to figure if the topic's&nbsp;board node is publicly viewable?&nbsp;I am familiar with this REST API call:/boards/id/${board.id}/view/allowedbut it seems to give true or false only for the current user based on his/her role permissions.&nbsp;Say the current user is an admin or a moderator, can the custom component know if topics in the current board can be visited&nbsp;by an anonymous visitor?&nbsp;Thanks,Dave&nbsp;&nbsp;

chhamaj · Answer

Hi There,The rest call in the custom components is run using the current user's context. Can I know the use case so that I can advise you better?Regards,Chhama

sullysnack · Answer

&nbsp;Yes, consider a custom social sharing widget which appears on all forum topic pages. The widget will show on topic pages of active admin-only boards. When an administrator shares the topic page url to Facebook, Facebook's OG info parser cannot&nbsp;access the url. When an administrator shares the topic page url to Twitter, any recipient of the tweet can click on the url but will see either a Lithium error page or the Lithium log in page. If a regular user logs in, they'll see a permission denied error. We want to prevent any user with elevated permissions from ever sharing a protected post publicly.&nbsp;&nbsp;

chhamaj · Answer

Got it. For this you will have to create a component on the client side and not server side. Use javascript to create the component and make the boards/id/${board.id}/view/allowed or messages/view/allowed&nbsp;&nbsp;api call as an anonymous user. &nbsp;If it returns true, then share it else not. Currently there is no way you can achieve this via freemarker since all the rest calls run as the user in context.
 
Hope this helps.
 
Regards, Chhama

sullysnack · Answer

&nbsp;What's the best way to make a Lithium API call anonymously via JS? When the browser session is authenticated w/ a user w/ elevated permissions, we're seeing that typical ajax calls to direct API urls or to custom endpoints carry the user context.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

chhamaj · Answer

You might need to use API proxy to get that working. Talk to support to set up API proxy for you and they can guide you with the process.Hope this helps.Regards,Chhama

Forum Discussion

API for /view/allowed state of a board, but not for current user

Related Content

API for board information per time period

Custom Metadata for Boards?

Move event from one board to another board in grouphub

Board subscription option

Move a message programmatically to a different board

Recent Discussions

Will adding/changing a custom tag trigger a Community event?

How to convert Endpoints to GraphQL queries?

Error message when adding a query to handlebars component (Aurora)

API v1 docs gone since Atlas migration to Aurora

Does anyone know how to change the display title of Custom Fields in Aurora?