Feature #11502
Expose roles details via REST API
Status: | Closed | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | % Done: | 0% | ||
Category: | REST API | |||
Target version: | 2.2.0 | |||
Resolution: | Fixed |
Description
I recently needed a read-only access to the roles details via the REST API and implemented that - based on code from the original submission from #9725.
The patch adds a /roles/[id].:format route and a simple list of granted permissions for the requested role.
Also find attached a contribution to complete the existing doc at http://www.redmine.org/projects/redmine/wiki/Rest_Roles.
Related issues
Associated revisions
Expose roles details via REST API (#11502).
History
#1
Updated by Jean-Philippe Lang over 8 years ago
I'm not sure that everyone want the details about all their roles to be publicly visible.
#2
Updated by Terence Mill over 8 years ago
Then we would need a right to have access to that roles information (at the moment onyl admin has this via web gui or using additional plugin like redmine_information (http://www.redmine.org/plugins/rp_information).
#3
Updated by Vincent Caron over 8 years ago
Since I'm a Rails newbie I'm not sure I handled authentication correctly.
From my tests with my patch (using cookie-based auth with my browser) :- /roles.xml is available without authentication (original behaviour)
- /roles/:id.xml requires auth, returns result for an admin, 403 Forbidden for other regular users
Is that fine ?
I might second Terence suggestion, in my case I'd be happy with a kind of read-only admin account (see everything, but don't touch anything) and finer grain permissions; but since the consumer is my own code in another controlled application, I know I only issue GETs and I'm pretty happy to access Redmine REST services at admin level.
Jean-Philippe : would you accept the attached patch while it has no POST /roles/:id.:format implementation ? I deliberately skipped that part.
#4
Updated by Vincent Caron over 8 years ago
- Assignee set to Jean-Philippe Lang
#5
Updated by Jean-Philippe Lang over 8 years ago
- Status changed from New to Closed
- Target version set to 2.2.0
- Resolution set to Fixed
Committed in r10620 with tests. The API is available to everyone, just like /roles.xml.