Get roles per message

While you can't check what permissions a given role has via the API, you can check if the current user can take a given action using the REST V2 Allowed endpoint, or specifically for viewing messages, you can use the REST V1 messages/view/allowed endpoint.

-Doug

This will not work for us as we need the data for our federated search, we need to know if the roles associated with each category/board have read permissions or not, if yes what read permissions are allowed.

Is creating an idea the only option left?

tsrisudh How do you query the API, e.g. with what Role/Authentication? If the API user was properly authenticated (do not use restadmin() for everything or an Admin Role for the API user!) you would not have to check for permissions, you would just get back what you can read, no?

luk This is not at a user level, we have a federated search to which we have to send data, we only have to send data in boards which have any of the read permissions set.

tsrisudh, Create a component to fetch all the message by using rest(api) call for boards or messages. This will return only read permission data from API. And after getting all the data you can send it to your federated search by using admin authenticated role.

Parshant We do have an api, but that sends both private and public data to the federated search, problem is how to differentiate which is private and which is public

Ok, I think I understand your use-case better now tsrisudh. While we don't currently have support for returning what roles have read access to messages in a board, I think you could do this:

Make your call(s) to retrieve messages using an API user that has permission to access all messages in all boards.

Keep track of all the board ids that have been processed so far and whether an anonymous user can or cannot view messages in that board.

The first time you encounter a message that is in a board you haven't tracked this for yet, make the call to see if you can view that message as an anonymous user (using either the REST V2 Allowed endpoint, or the REST V1 messages/view/allowed endpoint). If the anonymous user can view it, you know that all messages in that board can go into the "public" index. If the anonymous user can't view it, you know that all messages in that board should go into the "private" index.

This is assuming you only have private boards that all registered users can see. Lithium allows you to make boards private to some registered users, but not others (using different roles). If that is the case, you'll need to have search indexes per-role. The same thing applies, except that you will need to keep an api user per-role to try the allowed call with.

I hope that helps.

-Doug