Forum Discussion

clemlith's avatar
clemlith
Expert
11 years ago

Secured endpoint exporting all freshly registered users

Hi everyone,

I need to provide a stream to partner with the following informations :

  • Login
  • email
  • registration date
  • last connection date
  • SSO iD
  • total of posts
  • total of logins

We plan to create an endpoint combining several rest api calls.

This stream has to be private as it will contain private information.

 

My concern is that I don't know how to restrict properly the access to my partner only.

 

Have you done that before ?

Do you have recommendation ?

 

Clement

 

 

 

 

 

  • VarunLuthra's avatar
    VarunLuthra
    11 years ago

    clemlith  Do you wish to provide the access to this data outside the lithium community? if yes, then you need to handle the access on the other platform, but in case you want to put access to the endpoint data inside the community itself, then you can do following:

     

    Once you make all the REST calls and export the users data, make a Partner_role and use the following code to access this data

     

    <#if user.registered >  <#-- if the user is not anonymous -->
<#assign show_module = false />
<#list restadmin("/users/id/${user.id?c}/roles").roles.role as role>  <#-- REST call to get the user's roles -->
    <#if role.name?? && (role.name == "Parnter_Role")>    
		<#assign show_module = true />
	 </#if>
</#list>

	<#if show_module>
		<!-- the code goes here -->
	</#if>
</#if>

    I hope this helps.

  • VarunLuthra's avatar
    VarunLuthra
    Advisor
    11 years ago

    clemlith  Do you wish to provide the access to this data outside the lithium community? if yes, then you need to handle the access on the other platform, but in case you want to put access to the endpoint data inside the community itself, then you can do following:

     

    Once you make all the REST calls and export the users data, make a Partner_role and use the following code to access this data

     

    <#if user.registered >  <#-- if the user is not anonymous -->
<#assign show_module = false />
<#list restadmin("/users/id/${user.id?c}/roles").roles.role as role>  <#-- REST call to get the user's roles -->
    <#if role.name?? && (role.name == "Parnter_Role")>    
		<#assign show_module = true />
	 </#if>
</#list>

	<#if show_module>
		<!-- the code goes here -->
	</#if>
</#if>

    I hope this helps.

    • HaidongG's avatar
      HaidongG
      Lithium Alumni (Retired)
      11 years ago

      good idea and great code VarunLuthra !

       

      it could be even nicer if we add

      <#break />

      after 

      <#assign show_module = true />
    • clemlith's avatar
      clemlith
      Expert
      11 years ago

      VarunLuthraThansk for your quick reply.

      Indeed I want to give access to those data via an endpoint inside the community.

      You're suggestion with role control sounds good.

      Thanks,

      Clement

      • VarunLuthra's avatar
        VarunLuthra
        Advisor
        11 years ago

        clemlith - Thanks, and yes, this is a good option to use, we are also using gated endpoints and custom components in our community for partners only.