Getting access permissions through Confluence REST or Remote API?


Roberto Dominguez

Jun 20, 2013, 3:40:58 PM
to atlassian-...@googlegroups.com

Hey,

Had a glance at the REST and Remote API and I couldn't find ways to validate permissions. For example:
* Can user X edit pageId N?
* Can user X create pages on space S?
* Can user X admin space S?

Could somebody point me in the right direction?

Roberto

Joseph Clark

Jun 21, 2013, 10:47:54 AM
to atlassian-...@googlegroups.com
On Thu, Jun 20, 2013 at 12:40 PM, Roberto Dominguez <coma...@comalatech.com> wrote:

> Hey,
>
> Had a glance at the REST and Remote API and I couldn't find ways to validate permissions. For example:
> * Can user X edit pageId N?

You need to make 2 calls to determine this. Retrieve all the permissions defined for the individual page (Vector<ContentPermission> getPagePermissions(String token, String pageId)). If there are edit restrictions on the individual page, use these to determine the user's permission. If the page has no edit restrictions defined, then retrieve the user's space-level permissions (Vector<String> getPermissionsForUser(String token, String spaceKey, String userName)). Use these to determine if the user has the edit pages permission for the target space.

> * Can user X create pages on space S?

Look for the create permission on pages in Vector<String> getPermissionsForUser(String token, String spaceKey, String userName)

> * Can user X admin space S?

Look for the "admin" permission in Vector<String> getPermissionsForUser(String token, String spaceKey, String userName)

> Could somebody point me in the right direction?
>
> Roberto




Roberto Dominguez

Jun 21, 2013, 1:35:49 PM
to atlassian-...@googlegroups.com

Thanks Joe,

Any chance those get simplified? Plain old hasPermission("write",user,contentId) type of thing?

Again, having to make two remote calls for something as simple as this for a remote plugin is going to have an effect on latency, so any help would really help.

I even suggested sending page permissions as context parameter (e.g. 'canWrite') in the remote page request but it got /dev/nulled :( 

Roberto

Joseph Clark

Jun 28, 2013, 2:27:50 PM
to atlassian-...@googlegroups.com
Hey Roberto,

This sounds like something that is worth pursuing. Let's see what we can do with the Confluence team to try and improve this situation.

Joe.

Bryant Durrell

Aug 1, 2013, 11:52:52 AM
to atlassian-...@googlegroups.com
On Friday, June 21, 2013 7:47:54 AM UTC-7, Joseph Clark wrote:

> You need to make 2 calls to determine this. Retrieve all the permissions defined for the individual page (Vector<ContentPermission> getPagePermissions(String token, String pageId)). If there are edit restrictions on the individual page, use these to determine the user's permission. If the page has no edit restrictions defined, then retrieve the user's space-level permissions (Vector<String> getPermissionsForUser(String token, String spaceKey, String userName)). Use these to determine if the user has the edit pages permission for the target space.

Is there any way to determine the anonymous user's space-level permissions? spacePerms = getPermissionsForUser(token, "SPACEKEY", "anonymous") doesn't work.

Joseph Clark

Aug 1, 2013, 2:10:01 PM
to atlassian-...@googlegroups.com
Actually, I'm a bit flabbergasted to admit there is a bug in Confluence in the getPermissionsForUser method that means it doesn't work for anonymous users.

You can work around this by instead calling the getPermissions method, which will give you the space-level permissions of the authenticated user. If you call the getPermissions method from an unauthenticated context, you'll get the anonymous user's space permissions.
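
Added example, not part of the thread and not Atlassian's code: the two-call edit check and the anonymous-user workaround described in the replies above, written as decision logic over a client object that exposes the three methods named in the thread. The struct keys `type`/`userName`/`groupName`, the `"modify"` permission string, the empty token for an unauthenticated call, and the caller-supplied `groups` argument are assumptions; `FakeConfluence` and its data are constructed so the logic runs offline.

```python
# Added example, not Confluence or thread code. Assumed: the struct keys
# "type"/"userName"/"groupName", the "modify" permission string, and an
# empty token meaning an unauthenticated call.

class FakeConfluence:
    """Constructed stand-in for the remote API so the logic runs offline."""
    def __init__(self, page_perms, user_space_perms, anon_space_perms):
        self.page_perms = page_perms
        self.user_space_perms = user_space_perms
        self.anon_space_perms = anon_space_perms

    def getPagePermissions(self, token, page_id):
        return self.page_perms.get(page_id, [])

    def getPermissionsForUser(self, token, space_key, user_name):
        return self.user_space_perms.get((space_key, user_name), [])

    def getPermissions(self, token, space_key):
        # Constructed behaviour: only the unauthenticated case is modelled.
        return self.anon_space_perms.get(space_key, []) if token == "" else []


def space_permissions(api, token, space_key, user):
    """Space-level permissions; user=None means the anonymous user."""
    if user is None:
        # Workaround from the thread: ask as an unauthenticated caller.
        return set(api.getPermissions("", space_key))
    return set(api.getPermissionsForUser(token, space_key, user))


def can_edit_page(api, token, page_id, space_key, user, groups=()):
    """Call 1: page restrictions. Call 2 (only if none): space permissions."""
    locks = [p for p in api.getPagePermissions(token, page_id)
             if p.get("type") == "Edit"]
    if locks:
        # Restricted page: allow only a named user or one of their groups.
        return any((user is not None and p.get("userName") == user)
                   or (p.get("groupName") in groups) for p in locks)
    return "modify" in space_permissions(api, token, space_key, user)


def can_admin_space(api, token, space_key, user):
    return "admin" in space_permissions(api, token, space_key, user)


# Constructed sample data: page 100 is edit-restricted to alice, 200 is not.
SAMPLE = FakeConfluence(
    page_perms={"100": [{"type": "Edit", "userName": "alice", "groupName": None}]},
    user_space_perms={("DOC", "alice"): ["view", "modify", "admin"],
                      ("DOC", "bob"): ["view", "modify"]},
    anon_space_perms={"DOC": ["view"]},
)
```

The check denies by default: an edit-restricted page refuses anyone not named in a restriction, and an empty permission list from either call yields `False`.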




Joseph Clark

Aug 1, 2013, 2:37:22 PM
to atlassian-...@googlegroups.com
I raised https://jira.atlassian.com/browse/CONF-30199 to track the bug. I'll see about pushing a fix to the Confluence team.

Bryant Durrell

Aug 1, 2013, 7:55:09 PM
to atlassian-...@googlegroups.com
That works -- thank you!