Feature #11502
closed
Expose roles details via REST API
Added by Vincent Caron over 12 years ago.
Updated about 12 years ago.
Description
I recently needed a read-only access to the roles details via the REST API and implemented that - based on code from the original submission from #9725.
The patch adds a /roles/[id].:format route and a simple list of granted permissions for the requested role.
Also find attached a contribution to complete the existing doc at http://www.redmine.org/projects/redmine/wiki/Rest_Roles.
Files
I'm not sure that everyone want the details about all their roles to be publicly visible.
Since I'm a Rails newbie I'm not sure I handled authentication correctly.
From my tests with my patch (using cookie-based auth with my browser) :
- /roles.xml is available without authentication (original behaviour)
- /roles/:id.xml requires auth, returns result for an admin, 403 Forbidden for other regular users
Is that fine ?
I might second Terence suggestion, in my case I'd be happy with a kind of read-only admin account (see everything, but don't touch anything) and finer grain permissions; but since the consumer is my own code in another controlled application, I know I only issue GETs and I'm pretty happy to access Redmine REST services at admin level.
Jean-Philippe : would you accept the attached patch while it has no POST /roles/:id.:format implementation ? I deliberately skipped that part.
- Assignee set to Jean-Philippe Lang
- Status changed from New to Closed
- Target version set to 2.2.0
- Resolution set to Fixed
Committed in r10620 with tests. The API is available to everyone, just like /roles.xml.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by