Hi SuzieH
Thanks for your reply. This is one workable solution. After our lithium forum administrator enbled the allow_restapi_call_modify to (only) my account, I can modify the data like giving a kudo via REST API call.
This looks like need to grant the permission per user via the setting. However I have further questions:
1. Can we enable the allow_restapi_call_modify to ALL the user by default with one time? We would like to let all the forum registered user modify the data via rest call. If we have to enable it one by one per user, that will be a huge work.
2. If the answer to question 1 is yes, the next question is should we do it like that? Do we have potential security concern if all the user can modify forum data via REST API call?
3. When doing the authentication, we are required to provide "client_id" and "client_secret", can we grant writable permission per "client_id"?
Thanks.
Hey fengka,
You can create a role which all registered users get and grant permissions to that role in Admin->Users->Permissions->Roles. Alternatively you can enable this permission by default across the community in Admin->Users->Permissions->Defaults, however this would give the write permission to anonymous users as well, so I would recommend going with the first approach.
To your other questions:
2) Other permissions would still apply, so users would not be able to modify data that they wouldn't have otherwise have access to.
3) There is no way currently to tie the permissions to clientid
Hope this helps.
