Expose roles details via REST API
|Assignee:||Jean-Philippe Lang||% Done:|
I recently needed a read-only access to the roles details via the REST API and implemented that - based on code from the original submission from #9725.
The patch adds a /roles/[id].:format route and a simple list of granted permissions for the requested role.
Also find attached a contribution to complete the existing doc at http://www.redmine.org/projects/redmine/wiki/Rest_Roles.
#3 Updated by Vincent Caron over 7 years ago
Since I'm a Rails newbie I'm not sure I handled authentication correctly.From my tests with my patch (using cookie-based auth with my browser) :
- /roles.xml is available without authentication (original behaviour)
- /roles/:id.xml requires auth, returns result for an admin, 403 Forbidden for other regular users
Is that fine ?
I might second Terence suggestion, in my case I'd be happy with a kind of read-only admin account (see everything, but don't touch anything) and finer grain permissions; but since the consumer is my own code in another controlled application, I know I only issue GETs and I'm pretty happy to access Redmine REST services at admin level.
Jean-Philippe : would you accept the attached patch while it has no POST /roles/:id.:format implementation ? I deliberately skipped that part.