User Session API

The User Session API consists of the following two endpoints:

User Info Information about current user.
Permissions Information about entity permissions that the current user has obtained.

User Info

The User Info Endpoint allows you to fetch information about the current user: GET /userInfo returns 200 - OK with the following information:

Response: 200 - OK

{
  "username": "admin",
  "locale": "en"
}

Permissions

The /permissions endpoint allows you to retrieve information about current user’s permissions on entities and entity attributes.

The returned entities array contain a list of targets for the CRUD operations on entities like sample_Customer:read with a value describing the corresponding permission:

Table 1. Entity Values
Value	Permission
0	Operation Forbidden
1	Operation Allowed

The entityAttributes array contains a list of targets for each entity attribute with a value describing the corresponding permission:

Table 2. Entity Attribute Values
Value	Permission
0	Entity Attribute hidden
1	Entity Attribute read allowed
2	Entity Attribute modify allowed

In the following example the permissions are requested for a user that has the following constraints:

The user has full access to the Customer entity.
The user has only read access to the Product entity, except for the tags attribute, which is hidden.

Fetch Permissions Request

GET http://localhost:8080/rest
            /permissions

Response: 200 - OK

{
  "entities": [
    {
      "target": "rstex11_Customer:create",
      "value": 1
    },
    {
      "target": "rstex11_Customer:read",
      "value": 1
    },
    {
      "target": "rstex11_Customer:update",
      "value": 1
    },
    {
      "target": "rstex11_Customer:delete",
      "value": 0
    },
    {
      "target": "rstex11_Product:create",
      "value": 0
    },
    {
      "target": "rstex11_Product:read",
      "value": 1
    },
    {
      "target": "rstex11_Product:update",
      "value": 0
    },
    {
      "target": "rstex11_Product:delete",
      "value": 0
    }
  ],
  "entityAttributes": [
    {
      "target": "rstex11_Customer:name",
      "value": 2
    },
    {
      "target": "rstex11_Customer:type",
      "value": 2
    },
    {
      "target": "rstex11_Product:image",
      "value": 1
    },
    {
      "target": "rstex11_Product:price",
      "value": 1
    },
    {
      "target": "rstex11_Product:name",
      "value": 1
    },
    {
      "target": "rstex11_Product:tags",
      "value": 0
    }
  ]
}

Was this page helpful?

Thank you for your feedback

Something went wrong