User Session API
The User Session API consists of the following two endpoints:
-
User Info Information about current user.
-
Permissions Information about entity permissions that the current user has obtained.
User Info
The User Info Endpoint allows you to fetch information about the current user: GET /userInfo
returns 200 - OK
with the following information:
{
"username": "admin",
"locale": "en"
}
Permissions
The /permissions
endpoint allows you to retrieve information about current user’s permissions on entities and entity attributes.
The returned entities
array contain a list of targets for the CRUD operations on entities like sample_Customer:read
with a value describing the corresponding permission:
Value | Permission |
---|---|
0 |
Operation Forbidden |
1 |
Operation Allowed |
The entityAttributes
array contains a list of targets for each entity attribute with a value describing the corresponding permission:
Value | Permission |
---|---|
0 |
Entity Attribute hidden |
1 |
Entity Attribute read allowed |
2 |
Entity Attribute modify allowed |
In the following example the permissions are requested for a user that has the following constraints:
-
The user has full access to the
Customer
entity. -
The user has only read access to the
Product
entity, except for thetags
attribute, which is hidden.
GET http://localhost:8080/rest
/permissions
{
"entities": [
{
"target": "rstex11_Customer:create",
"value": 1
},
{
"target": "rstex11_Customer:read",
"value": 1
},
{
"target": "rstex11_Customer:update",
"value": 1
},
{
"target": "rstex11_Customer:delete",
"value": 0
},
{
"target": "rstex11_Product:create",
"value": 0
},
{
"target": "rstex11_Product:read",
"value": 1
},
{
"target": "rstex11_Product:update",
"value": 0
},
{
"target": "rstex11_Product:delete",
"value": 0
}
],
"entityAttributes": [
{
"target": "rstex11_Customer:name",
"value": 2
},
{
"target": "rstex11_Customer:type",
"value": 2
},
{
"target": "rstex11_Product:image",
"value": 1
},
{
"target": "rstex11_Product:price",
"value": 1
},
{
"target": "rstex11_Product:name",
"value": 1
},
{
"target": "rstex11_Product:tags",
"value": 0
}
]
}