Forum Discussion

jdbrownl's avatar
13 years ago

Setting group via REST for multiple community members

I need to set the group membership for the staff of my organization and of course remove it when someone leaves the organization.  It's important to us that comments by staff members are shown as such in the community.  We have a Lithium SSO with another web site that is accessed by our "Customers" and our staff.  I recognize full well that the proper way to set the group membership is at the time the SSO is initialized for a member and cookie written.  However I'm unable to do that because my web site doesn't know which members are staff. Changing the site would require major changes to my web site by vendors and that would be costly and take time.   So I am pursuing setting it on a regular basis via a "batch" update. 

Im looking for help from the community in doing this in the best way possible.     It looks like the way to do this with Lithium is via REST.  Admittedly I'm not 100 sure this is possible I'm just assuming it is. So here is the plan:

I will write a C# .NET console application that will run on a scheduled basis and will do the following.

  1. Extract the SSO ID's from my source database for employees.
  2. Obtain a valid SSO key using the .NET SSO client.
  3. Connect to REST using the session key that would normally be written to the cookie.
  4. Extract all members of the employee group from Lithium via REST using the SSOID.
  5. Compare. 
  6. Set the group for all new employees. 
  7. Remove it for departed ones via REST.

 

    Any insight into the proper way to accomplish this would be appreciated!

 

  • We do a lot of off-box scripting of Lithium (mainly in PHP 5.x), and what you want sounds rather doable.  We use SSO, too, but we had Li setup some local users for us for REST access.  I assume you mean you're looking to do role assignment as opposed to groups?  If so, this code may help you.  While I pride myself on knowing quite a few languages, C# is not one of them.  Hopefully this PHP code will make sense (if only as pseudo-code).

     

    /* 
    * Authenticate the REST API session * $this->param['h'] is the Lithium community URL * $this->param['u2'] is the Li username authorized to use REST (local user that doesn't go through SSO) * $this->param['p2'] is the password of the Li user */ function getCookie() { if ($this->wsCookie) return $this->wsCookie; $url = $this->param['h'] . '/restapi/vc/authentication/sessions/login'; $p = array('authentication' => array( 'post' => array('user.login' => $this->param['u2'], 'user.password' => $this->param['p2']), 'get' => array('xslt'=>'json.xsl')); $res = $this->fetchURL($url, $p); $raw = json_decode($res, true); if ($raw) { $this->wsCookie = $raw['response']['value']['$']; if ($raw) { $this->wsCookie = $raw['response']['value']['$']; return $this->wsCookie; } return false; }

    /*
    * Assign a user to a role.
    * User is specified as either id/ID or login/LOGIN
    * Role is specified either as name/NAME or id/ID
    */
    function assignUserToRole($user, $role) {
    $url = $this->param['h'] . '/roles/' . $role . '/users/add';

    $p = $this->default_params;
    $p['post']['role.user'] = $user;

    $raw = $this->getREST($url, $p);

    return ($raw === NULL) ? false : true;
    }

    /*
    * Remove a user from a role.
    * User is specified as either id/ID or login/LOGIN
    * Role is specified either as name/NAME or id/ID
    */
    function removeUserFromRole($user, $role) {
    $url = $this->param['h'] . '/roles/' . $role . '/users/remove';

    $p = $this->default_params;
    $p['post']['role.user'] = $user;

    $raw = $this->getREST($url, $p);

    return ($raw === NULL) ? false : true;
    }

     

    So, if you had a role, say Employee, a user Bob that needed to be added, and  a user Alice that needed to be removed, the code would end up calling:

     

    POST http://community.example.com/restapi/vc/roles/name/Employee/users/add?xslt=json.xsl

    role.user=login/Bob

     

    POST http://community.example.com/restapi/vc/roles/name/Employee/users/remove?xslt=json.xsl

    role.user=login/Alice