RESTAPI: Determine whether or not a user data is private or not
Hi,
I'm working on a custom component that displays certain user info in a small widget for the user profile pages, one of the details is to display when was the last time the user visited the board. This information shouldn't be displayed to other users when the user has restricted their details to be viewed by others, I noticed that the 'last_visit_time' branch isn't displayed when viewing the xml output for "<community-url>/restapi/vc/users/login/<username>/" so I've added an if-statement to check to see whether or not the branch is viewable:
<#if rest("/users/login/${page.context.user.login}").user.last_visit_time??>
... display user visit time ...
</#if>
But I've noticed that the condition is still met regardless of whether or not last_visit_time branch is accessible. Is there an alternative way to check this?
Thanks,
Janh
That's odd. Does it actually display the date still, or does it give you some kind of error? It could be the case that the node still exists when processed via FreeMarker, but is evaluated to empty. One thing you could do is to check to see that the node has content via the "has_content" FreeMarker built-in.
Here some sample code I tested which seemed to do the trick of respecting the user's privacy settings:
<#if (page.context.user.id)??> <#assign visitTime = rest("/users/id/${page.context.user.id?c}").user.last_visit_time /> <#if visitTime?? && visitTime?has_content > Last Visit: ${visitTime.@view_date!""} ${visitTime.@view_time!""} </#if> </#if>
I've done a few things differently here:
- I'm wrapping everything with a check to ensure that the page.context.user.id variable exists, just in case the component were to be accidentally placed on a different page.
- I'm assigning the response to a variable so that I don't have to make the REST call more than once.
- I'm using the user id rather than the user login for the REST API call. It may work fine in your community, but some communities allow non-standard usernames via SSO which could cause an issue with the REST API call if not handled properly. So I always prefer to use the user ID just in case.
- I'm checking that the node has conent, as mentioned above.
- You didn't include any sample output, so I put a simple one in there that uses the more friendly version of the date instead of the ISO 8601 format that normally gets returned.
I hope this helps!