RESTAPI permission

Question

Hi,&nbsp;I want to make rest api call with an admin user to verify if a specified user has access to a category, a board or a discussion.Example: With an admin user, I want to know if user1 can see discussion1 and than if user2 can see&nbsp;discussion1.

adamn · Accepted Answer

Hi MLachapelle,
&nbsp;
If you search the REST API documentation for "allowed", you'll find numerous methods which can tell you whether a particular action is allowed. For example:
http://lithosphere.lithium.com/t5/rest-api/bd-p/developers-rest-api?leaf-id=Board.messages.view.allowed#Board.messages.view.allowed
&nbsp;
However, these methods apply for the current user. Since you're logged in as an admin user, you'll essentially have access to everything. To determine whether "user1" or "user2" are allowed to perform an action, you would instead need to authenticate to the REST API as those respective users.
&nbsp;
Since you're already an admin user, it's pretty easy to "switch" to another user via the REST API. You can make a call to login (http://lithosphere.lithium.com/t5/rest-api/bd-p/developers-rest-api?leaf-id=AuthenticationManager.sessions.login#AuthenticationManager.sessions.login) and pass in the desired user's login name (i.e. "user1") and the admin user's session key. This will return a session key for "user1". Then, you can make the necessary calls to the various "allowed" methods mentioned previously.
&nbsp;
I hope this helps!

Forum Discussion

RESTAPI permission

Related Content

permissions for the user biography based on user roles

RESTAPI v2 Url

API Content and User Permissions

Sort labels from restapi

login through restapi

Recent Discussions

API v1 docs gone since Atlas migration to Aurora

Does anyone know how to change the display title of Custom Fields in Aurora?

Can someone walk me through authenticating and using Postman with Aurora?

Seeking Advice on Restricting Access to a posts to those who have the permalink.

TinyMceEditor is undefined