Send PM from different user - problem
Hi everyone. I created a new non-sso user Using these instructions I generated a session key for that user Created a test endpoint with this code: <#assign session_key = rest("/authentication/ses...
Forum Discussion
- interesting! thanks for the hint
Changed the code in my endpoint to test different scenarios:
1:
<#assign session_key = restadmin("/authentication/sessions/login?user.login=<user>&user.password=<pw>").value/> <#assign result_send = rest("/boards/id/001/messages/post/?restapi.session_key=${session_key}&message.author=/users/login/sys-admin&message.subject=test&message.body=test")/>2:
<#assign session_key = restadmin("/authentication/sessions/login?user.login=sys-admin&user.password=LittlePinkPig").value/> <#assign result_send = rest("/boards/id/001/messages/post/?restapi.session_key=${session_key}&message.subject=test&message.body=test")/>Open the endpoint without logging in any user:
1. Error 403
2. Error 403
Open the endpoint logged in on an admin account:
1. gets posted as regular user
2. gets posted as by the admin account
Open the endpoint logged in as regular user, they both error out with a 500
PerBonomi Give it a shot with restadmin. It would work even in logged out case.
In your case session id does not impact to anything.1. You are passing the user login so it is posting by a normal user. I would work in the same way even you remove the session id.
2. It is posted by admin as you did not pass any user login/id.
You can use this endpoint as well no need for any type of session generation, just need to pass the user id directly.
<#assign escalatesubject = http.request.parameters.name.get("escalatesubject","Here is subject")> <#assign escalatebody = http.request.parameters.name.get("escalatesubject","Here is body")> <#assign userid = 100 /> <#assign addPost = restadmin("/boards/id/001/messages/post?message.subject=${escalatesubject?url}&message.body=${escalatebody?url}&message.author=/users/id/${userid}") />
