Forum Discussion
The rest call in the custom components is run using the current user's context. Can I know the use case so that I can advise you better?
Regards,
Chhama
Yes, consider a custom social sharing widget which appears on all forum topic pages. The widget will show on topic pages of active admin-only boards. When an administrator shares the topic page url to Facebook, Facebook's OG info parser cannot access the url. When an administrator shares the topic page url to Twitter, any recipient of the tweet can click on the url but will see either a Lithium error page or the Lithium log in page. If a regular user logs in, they'll see a permission denied error. We want to prevent any user with elevated permissions from ever sharing a protected post publicly.
- ChhamaJ9 years agoKhoros Staff
Got it. For this you will have to create a component on the client side and not server side. Use javascript to create the component and make the boards/id/${board.id}/view/allowed or messages/view/allowed api call as an anonymous user. If it returns true, then share it else not. Currently there is no way you can achieve this via freemarker since all the rest calls run as the user in context.
Hope this helps.
Regards,
Chhama- sullysnack9 years agoKhoros Alumni (Retired)
What's the best way to make a Lithium API call anonymously via JS? When the browser session is authenticated w/ a user w/ elevated permissions, we're seeing that typical ajax calls to direct API urls or to custom endpoints carry the user context.
- ChhamaJ9 years agoKhoros StaffYou might need to use API proxy to get that working. Talk to support to set up API proxy for you and they can guide you with the process.
Hope this helps.
Regards,
Chhama
Related Content
- 2 years ago
- 7 years ago
- 4 days ago