https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292012-07-24T17:57:23ZRedmineRedmine - Feature #11502: Expose roles details via REST APIhttps://www.redmine.org/issues/11502?journal_id=399322012-07-24T17:57:23ZJean-Philippe Langjp_lang@yahoo.fr
<ul></ul><p>I'm not sure that everyone want the details about all their roles to be publicly visible.</p> Redmine - Feature #11502: Expose roles details via REST APIhttps://www.redmine.org/issues/11502?journal_id=399402012-07-24T22:08:44ZTerence Mill
<ul></ul><p>Then we would need a right to have access to that roles information (at the moment onyl admin has this via web gui or using additional plugin like redmine_information (<a class="external" href="http://www.redmine.org/plugins/rp_information">http://www.redmine.org/plugins/rp_information</a>).</p> Redmine - Feature #11502: Expose roles details via REST APIhttps://www.redmine.org/issues/11502?journal_id=399492012-07-25T10:31:42ZVincent Caron
<ul></ul><p>Since I'm a Rails newbie I'm not sure I handled authentication correctly.</p>
From my tests with my patch (using cookie-based auth with my browser) :
<ul>
<li>/roles.xml is available without authentication (original behaviour)</li>
<li>/roles/:id.xml requires auth, returns result for an admin, 403 Forbidden for other regular users</li>
</ul>
<p>Is that fine ?</p>
<p>I might second Terence suggestion, in my case I'd be happy with a kind of read-only admin account (see everything, but don't touch anything) and finer grain permissions; but since the consumer is my own code in another controlled application, I know I only issue GETs and I'm pretty happy to access Redmine REST services at admin level.</p>
<p>Jean-Philippe : would you accept the attached patch while it has no POST /roles/:id.:format implementation ? I deliberately skipped that part.</p> Redmine - Feature #11502: Expose roles details via REST APIhttps://www.redmine.org/issues/11502?journal_id=406562012-09-01T12:22:12ZVincent Caron
<ul><li><strong>Assignee</strong> set to <i>Jean-Philippe Lang</i></li></ul> Redmine - Feature #11502: Expose roles details via REST APIhttps://www.redmine.org/issues/11502?journal_id=419822012-10-12T17:25:09ZJean-Philippe Langjp_lang@yahoo.fr
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li><li><strong>Target version</strong> set to <i>2.2.0</i></li><li><strong>Resolution</strong> set to <i>Fixed</i></li></ul><p>Committed in <a class="changeset" title="Expose roles details via REST API (#11502)." href="https://www.redmine.org/projects/redmine/repository/svn/revisions/10620">r10620</a> with tests. The API is available to everyone, just like /roles.xml.</p>