Forum Discussion

Mentor

11 years ago

How to query permissions/permitted actions of a user's configured roles with REST API or Endpoint?

Hi,

How can I query whether a user has been granted permission to "Blog Articles > Post new articles" or "Comment on articles."

I'm able to get a list of roles that a user is assigned:

http://lithosphere.lithium.com/t5/rest-api/bd-p/developers-rest-api?leaf-id=User.roles#User.roles

e.g. Administrator, Member

Am I able to either query a user's permissions (directly) or a role's granted actions via REST API or Endpoint?

Thanks,

Ben

DougS
11 years ago
There is a freemarker context object call you can make to check a specific permission for the current user at the current node -- this article points you to it:

http://lithosphere.lithium.com/t5/developers-discussion/permission-api/m-p/117291/highlight/true#M4353

Unfortunately, we don't currently have the permission keys documented anywhere. I'll let you in on a (somewhat labor-intensive and roundabout) way you can find the permission key, which involves looking at the permissions admin page and pulling the perimssion key from a css class on the permission field you are looking for.

You can get the permission key by going to the permission page and looking at the html markup for the specific css class that starts with lia-form- and ends with -entry. The part of the css class in the middle of those is the permission key, except you need to replace any dashes with underscores. For example, if you view source for and look at the markup around the "Comment on articles" field in the blog section, you'll find the css class lia-form-add-comments-entry, from which you can get the permission key, which is add_comments.

add_comments is the permission key for "Comment on articles"

We also have the following REST API call, which you can make to determine what boards of a specific style ("forum", "blog", "idea", etc.) the current user can post in:

http://lithosphere.lithium.com/t5/rest-api/bd-p/developers-rest-api?leaf-id=Community.boards.style.style.policy.messages.post.allowed#Community.boards.style.style.policy.messages.post.allowed

DougS
Khoros Oracle
11 years ago
There is a freemarker context object call you can make to check a specific permission for the current user at the current node -- this article points you to it:

http://lithosphere.lithium.com/t5/developers-discussion/permission-api/m-p/117291/highlight/true#M4353

Unfortunately, we don't currently have the permission keys documented anywhere. I'll let you in on a (somewhat labor-intensive and roundabout) way you can find the permission key, which involves looking at the permissions admin page and pulling the perimssion key from a css class on the permission field you are looking for.

You can get the permission key by going to the permission page and looking at the html markup for the specific css class that starts with lia-form- and ends with -entry. The part of the css class in the middle of those is the permission key, except you need to replace any dashes with underscores. For example, if you view source for and look at the markup around the "Comment on articles" field in the blog section, you'll find the css class lia-form-add-comments-entry, from which you can get the permission key, which is add_comments.

add_comments is the permission key for "Comment on articles"

We also have the following REST API call, which you can make to determine what boards of a specific style ("forum", "blog", "idea", etc.) the current user can post in:

http://lithosphere.lithium.com/t5/rest-api/bd-p/developers-rest-api?leaf-id=Community.boards.style.style.policy.messages.post.allowed#Community.boards.style.style.policy.messages.post.allowed
- bma
  Mentor
  11 years ago
  Hey Doug,
  
  Thanks! I think this will work for me.
  
  Q: Can I specify which node the coreNode references besides the current node?
  
  I'm hoping we can query a particular permission of a sub-node (e.g. can the user post comments in blog X) from our/while on our community page.
  
  -Ben
  - DougS
    Khoros Oracle
    11 years ago
    Hey Ben,
    
    Unfortunately there is no current way to get the sub-nodes of the current coreNode (except by using a rest freemarker call which doesn't return the same coreNode object), or to look up a coreNode template context object by id. Also, using the rest call I mentioned will only tell you the boards that a user can post a new topic in (so for blogs that would mean a check to see if the user can post a blog article). :(
    
    You can reach out to professional services to see if this is something they could do as a customization, and I definately encourge you to submit an idea on our customer idea board if using the current core node doesn't solve this for you (I think our API should have a call that tells you if you can post a reply/comment on a certain board/blog/etc. and you'll certainly get my vote if you submit that idea).
    
    -Doug

Forum Discussion

How to query permissions/permitted actions of a user's configured roles with REST API or Endpoint?

Related Content

Unable to invoke a custom endpoint from another custom endpoint

Generate session key from endpoint with SSO configured

how to make implement endpoint with ajax?

Set HTTP response code on custom endpoint

endpoint path

Recent Discussions

Error message when adding a query to handlebars component (Aurora)

API v1 docs gone since Atlas migration to Aurora

Does anyone know how to change the display title of Custom Fields in Aurora?

Can someone walk me through authenticating and using Postman with Aurora?

Seeking Advice on Restricting Access to a posts to those who have the permalink.