Feature #11502
closedExpose roles details via REST API
0%
Description
I recently needed a read-only access to the roles details via the REST API and implemented that - based on code from the original submission from #9725.
The patch adds a /roles/[id].:format route and a simple list of granted permissions for the requested role.
Also find attached a contribution to complete the existing doc at http://www.redmine.org/projects/redmine/wiki/Rest_Roles.
Files
Related issues
Updated by Jean-Philippe Lang over 12 years ago
I'm not sure that everyone want the details about all their roles to be publicly visible.
Updated by Terence Mill over 12 years ago
Then we would need a right to have access to that roles information (at the moment onyl admin has this via web gui or using additional plugin like redmine_information (http://www.redmine.org/plugins/rp_information).
Updated by Vincent Caron over 12 years ago
Since I'm a Rails newbie I'm not sure I handled authentication correctly.
From my tests with my patch (using cookie-based auth with my browser) :- /roles.xml is available without authentication (original behaviour)
- /roles/:id.xml requires auth, returns result for an admin, 403 Forbidden for other regular users
Is that fine ?
I might second Terence suggestion, in my case I'd be happy with a kind of read-only admin account (see everything, but don't touch anything) and finer grain permissions; but since the consumer is my own code in another controlled application, I know I only issue GETs and I'm pretty happy to access Redmine REST services at admin level.
Jean-Philippe : would you accept the attached patch while it has no POST /roles/:id.:format implementation ? I deliberately skipped that part.
Updated by Jean-Philippe Lang about 12 years ago
- Status changed from New to Closed
- Target version set to 2.2.0
- Resolution set to Fixed
Committed in r10620 with tests. The API is available to everyone, just like /roles.xml.