Feature #11502

Expose roles details via REST API

Added by Vincent Caron about 9 years ago. Updated almost 9 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Jean-Philippe Lang% Done:

0%

Category:REST API
Target version:2.2.0
Resolution:Fixed

Description

I recently needed a read-only access to the roles details via the REST API and implemented that - based on code from the original submission from #9725.

The patch adds a /roles/[id].:format route and a simple list of granted permissions for the requested role.

Also find attached a contribution to complete the existing doc at http://www.redmine.org/projects/redmine/wiki/Rest_Roles.

role-rest-get.patch Magnifier (1.68 KB) Vincent Caron, 2012-07-24 19:00

role-rest-get-doc.txt Magnifier (1002 Bytes) Vincent Caron, 2012-07-24 19:00

Related issues

Related to Redmine - Defect #12472: Roles REST API does not accept API authentication Closed

Associated revisions

Revision 10620
Added by Jean-Philippe Lang almost 9 years ago

Expose roles details via REST API (#11502).

History

#1 Updated by Jean-Philippe Lang about 9 years ago

I'm not sure that everyone want the details about all their roles to be publicly visible.

#2 Updated by Terence Mill about 9 years ago

Then we would need a right to have access to that roles information (at the moment onyl admin has this via web gui or using additional plugin like redmine_information (http://www.redmine.org/plugins/rp_information).

#3 Updated by Vincent Caron about 9 years ago

Since I'm a Rails newbie I'm not sure I handled authentication correctly.

From my tests with my patch (using cookie-based auth with my browser) :
  • /roles.xml is available without authentication (original behaviour)
  • /roles/:id.xml requires auth, returns result for an admin, 403 Forbidden for other regular users

Is that fine ?

I might second Terence suggestion, in my case I'd be happy with a kind of read-only admin account (see everything, but don't touch anything) and finer grain permissions; but since the consumer is my own code in another controlled application, I know I only issue GETs and I'm pretty happy to access Redmine REST services at admin level.

Jean-Philippe : would you accept the attached patch while it has no POST /roles/:id.:format implementation ? I deliberately skipped that part.

#4 Updated by Vincent Caron about 9 years ago

  • Assignee set to Jean-Philippe Lang

#5 Updated by Jean-Philippe Lang almost 9 years ago

  • Status changed from New to Closed
  • Target version set to 2.2.0
  • Resolution set to Fixed

Committed in r10620 with tests. The API is available to everyone, just like /roles.xml.

Also available in: Atom PDF