Project

General

Profile

Actions

Feature #11502

closed

Expose roles details via REST API

Added by Vincent Caron over 11 years ago. Updated over 11 years ago.

Status:
Closed
Priority:
Normal
Category:
REST API
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed

Description

I recently needed a read-only access to the roles details via the REST API and implemented that - based on code from the original submission from #9725.

The patch adds a /roles/[id].:format route and a simple list of granted permissions for the requested role.

Also find attached a contribution to complete the existing doc at http://www.redmine.org/projects/redmine/wiki/Rest_Roles.


Files

role-rest-get.patch (1.68 KB) role-rest-get.patch Vincent Caron, 2012-07-24 19:00
role-rest-get-doc.txt (1002 Bytes) role-rest-get-doc.txt Vincent Caron, 2012-07-24 19:00

Related issues

Related to Redmine - Defect #12472: Roles REST API does not accept API authenticationClosedJean-Philippe Lang

Actions
Actions #1

Updated by Jean-Philippe Lang over 11 years ago

I'm not sure that everyone want the details about all their roles to be publicly visible.

Actions #2

Updated by Terence Mill over 11 years ago

Then we would need a right to have access to that roles information (at the moment onyl admin has this via web gui or using additional plugin like redmine_information (http://www.redmine.org/plugins/rp_information).

Actions #3

Updated by Vincent Caron over 11 years ago

Since I'm a Rails newbie I'm not sure I handled authentication correctly.

From my tests with my patch (using cookie-based auth with my browser) :
  • /roles.xml is available without authentication (original behaviour)
  • /roles/:id.xml requires auth, returns result for an admin, 403 Forbidden for other regular users

Is that fine ?

I might second Terence suggestion, in my case I'd be happy with a kind of read-only admin account (see everything, but don't touch anything) and finer grain permissions; but since the consumer is my own code in another controlled application, I know I only issue GETs and I'm pretty happy to access Redmine REST services at admin level.

Jean-Philippe : would you accept the attached patch while it has no POST /roles/:id.:format implementation ? I deliberately skipped that part.

Actions #4

Updated by Vincent Caron over 11 years ago

  • Assignee set to Jean-Philippe Lang
Actions #5

Updated by Jean-Philippe Lang over 11 years ago

  • Status changed from New to Closed
  • Target version set to 2.2.0
  • Resolution set to Fixed

Committed in r10620 with tests. The API is available to everyone, just like /roles.xml.

Actions

Also available in: Atom PDF