Forum Discussion

bma's avatar
bma
Mentor
11 years ago

How to query permissions/permitted actions of a user's configured roles with REST API or Endpoint?

Hi,

 

How can I query whether a user has been granted permission to "Blog Articles > Post new articles" or "Comment on articles."

 

I'm able to get a list of roles that a user is assigned:

 

http://lithosphere.lithium.com/t5/rest-api/bd-p/developers-rest-api?leaf-id=User.roles#User.roles

 

e.g. Administrator, Member

 

Am I able to either query a user's permissions (directly) or a role's granted actions via REST API or Endpoint?

 

Thanks,

Ben

  • There is a freemarker context object call you can make to check a specific permission for the current user at the current node -- this article points you to it:

     

    http://lithosphere.lithium.com/t5/developers-discussion/permission-api/m-p/117291/highlight/true#M4353

     

    Unfortunately, we don't currently have the permission keys documented anywhere.  I'll let you in on a (somewhat labor-intensive and roundabout) way you can find the permission key, which involves looking at the permissions admin page and pulling the perimssion key from a css class on the permission field you are looking for.

     

    You can get the permission key by going to the permission page and looking at the html markup for the specific css class that starts with lia-form- and ends with -entry.  The part of the css class in the middle of those is the permission key, except you need to replace any dashes with underscores.  For example, if you view source for and look at the markup around the "Comment on articles" field in the blog section, you'll find the css class lia-form-add-comments-entry, from which you can get the permission key, which is add_comments.

     

    add_comments is the permission key for "Comment on articles"

     

    We also have the following REST API call, which you can make to determine what boards of a specific style ("forum", "blog", "idea", etc.) the current user can post in: 

     

    http://lithosphere.lithium.com/t5/rest-api/bd-p/developers-rest-api?leaf-id=Community.boards.style.style.policy.messages.post.allowed#Community.boards.style.style.policy.messages.post.allowed

4 Replies

  • DougS's avatar
    DougS
    Khoros Oracle
    11 years ago

    There is a freemarker context object call you can make to check a specific permission for the current user at the current node -- this article points you to it:

     

    http://lithosphere.lithium.com/t5/developers-discussion/permission-api/m-p/117291/highlight/true#M4353

     

    Unfortunately, we don't currently have the permission keys documented anywhere.  I'll let you in on a (somewhat labor-intensive and roundabout) way you can find the permission key, which involves looking at the permissions admin page and pulling the perimssion key from a css class on the permission field you are looking for.

     

    You can get the permission key by going to the permission page and looking at the html markup for the specific css class that starts with lia-form- and ends with -entry.  The part of the css class in the middle of those is the permission key, except you need to replace any dashes with underscores.  For example, if you view source for and look at the markup around the "Comment on articles" field in the blog section, you'll find the css class lia-form-add-comments-entry, from which you can get the permission key, which is add_comments.

     

    add_comments is the permission key for "Comment on articles"

     

    We also have the following REST API call, which you can make to determine what boards of a specific style ("forum", "blog", "idea", etc.) the current user can post in: 

     

    http://lithosphere.lithium.com/t5/rest-api/bd-p/developers-rest-api?leaf-id=Community.boards.style.style.policy.messages.post.allowed#Community.boards.style.style.policy.messages.post.allowed

  • bma's avatar
    bma
    Mentor
    11 years ago

    Hey Doug,

     

    Thanks! I think this will work for me.

     

    Q: Can I specify which node the coreNode references besides the current node?

     

    I'm hoping we can query a particular permission of a sub-node (e.g. can the user post comments in blog X) from our/while on our community page.

     

    -Ben

  • DougS's avatar
    DougS
    Khoros Oracle
    11 years ago

    Hey Ben,

     

    Unfortunately there is no current way to get the sub-nodes of the current coreNode (except by using a rest freemarker call which doesn't return the same coreNode object), or to look up a coreNode template context object by id.  Also, using the rest call I mentioned will only tell you the boards that a user can post a new topic in (so for blogs that would mean a check to see if the user can post a blog article).  :(

     

    You can reach out to professional services to see if this is something they could do as a customization, and I definately encourge you to submit an idea on our customer idea board if using the current core node doesn't solve this for you (I think our API should have a call that tells you if you can post a reply/comment on a certain board/blog/etc. and you'll certainly get my vote if you submit that idea).

     

    -Doug