Forum Discussion

bma's avatar
bma
Mentor
11 years ago

How to query permissions/permitted actions of a user's configured roles with REST API or Endpoint?

Hi,   How can I query whether a user has been granted permission to "Blog Articles > Post new articles" or "Comment on articles."   I'm able to get a list of roles that a user is assigned:   ht...
  • DougS's avatar
    11 years ago

    There is a freemarker context object call you can make to check a specific permission for the current user at the current node -- this article points you to it:

     

    http://lithosphere.lithium.com/t5/developers-discussion/permission-api/m-p/117291/highlight/true#M4353

     

    Unfortunately, we don't currently have the permission keys documented anywhere.  I'll let you in on a (somewhat labor-intensive and roundabout) way you can find the permission key, which involves looking at the permissions admin page and pulling the perimssion key from a css class on the permission field you are looking for.

     

    You can get the permission key by going to the permission page and looking at the html markup for the specific css class that starts with lia-form- and ends with -entry.  The part of the css class in the middle of those is the permission key, except you need to replace any dashes with underscores.  For example, if you view source for and look at the markup around the "Comment on articles" field in the blog section, you'll find the css class lia-form-add-comments-entry, from which you can get the permission key, which is add_comments.

     

    add_comments is the permission key for "Comment on articles"

     

    We also have the following REST API call, which you can make to determine what boards of a specific style ("forum", "blog", "idea", etc.) the current user can post in: 

     

    http://lithosphere.lithium.com/t5/rest-api/bd-p/developers-rest-api?leaf-id=Community.boards.style.style.policy.messages.post.allowed#Community.boards.style.style.policy.messages.post.allowed