Get roles per message
Is there any API which tells me what are the roles which have read access to a particular message (Discussion, blog, tkb, idea) We are trying to implement a custom search and for this we need to kno...
Forum Discussion
luk This is not at a user level, we have a federated search to which we have to send data, we only have to send data in boards which have any of the read permissions set.
tsrisudh, Create a component to fetch all the message by using rest(api) call for boards or messages. This will return only read permission data from API. And after getting all the data you can send it to your federated search by using admin authenticated role.
Parshant We do have an api, but that sends both private and public data to the federated search, problem is how to differentiate which is private and which is public
Ok, I think I understand your use-case better now tsrisudh. While we don't currently have support for returning what roles have read access to messages in a board, I think you could do this:
Make your call(s) to retrieve messages using an API user that has permission to access all messages in all boards.
Keep track of all the board ids that have been processed so far and whether an anonymous user can or cannot view messages in that board.
The first time you encounter a message that is in a board you haven't tracked this for yet, make the call to see if you can view that message as an anonymous user (using either the REST V2 Allowed endpoint, or the REST V1 messages/view/allowed endpoint). If the anonymous user can view it, you know that all messages in that board can go into the "public" index. If the anonymous user can't view it, you know that all messages in that board should go into the "private" index.
This is assuming you only have private boards that all registered users can see. Lithium allows you to make boards private to some registered users, but not others (using different roles). If that is the case, you'll need to have search indexes per-role. The same thing applies, except that you will need to keep an api user per-role to try the allowed call with.
I hope that helps.
-Doug
