User Session API

The User Session API consists of the following two endpoints:

  • User Info Information about current user.

  • Permissions Information about entity permissions that the current user has obtained.

User Info

The User Info Endpoint allows you to fetch information about the current user: GET /userInfo returns 200 - OK with the following information:

Response: 200 - OK
{
  "username": "admin",
  "locale": "en"
}

Permissions

The /permissions endpoint allows you to retrieve information about current user’s permissions on entities and entity attributes.

The returned entities array contain a list of targets for the CRUD operations on entities like sample_Customer:read with a value describing the corresponding permission:

Table 1. Entity Values
Value Permission

0

Operation Forbidden

1

Operation Allowed

The entityAttributes array contains a list of targets for each entity attribute with a value describing the corresponding permission:

Table 2. Entity Attribute Values
Value Permission

0

Entity Attribute hidden

1

Entity Attribute read allowed

2

Entity Attribute modify allowed

In the following example the permissions are requested for a user that has the following constraints:

  • The user has full access to the Customer entity.

  • The user has only read access to the Product entity, except for the tags attribute, which is hidden.

Fetch Permissions Request
GET http://localhost:8080/rest
            /permissions
Response: 200 - OK
{
  "entities": [
    {
      "target": "rstex11_Customer:create",
      "value": 1
    },
    {
      "target": "rstex11_Customer:read",
      "value": 1
    },
    {
      "target": "rstex11_Customer:update",
      "value": 1
    },
    {
      "target": "rstex11_Customer:delete",
      "value": 0
    },
    {
      "target": "rstex11_Product:create",
      "value": 0
    },
    {
      "target": "rstex11_Product:read",
      "value": 1
    },
    {
      "target": "rstex11_Product:update",
      "value": 0
    },
    {
      "target": "rstex11_Product:delete",
      "value": 0
    }
  ],
  "entityAttributes": [
    {
      "target": "rstex11_Customer:name",
      "value": 2
    },
    {
      "target": "rstex11_Customer:type",
      "value": 2
    },
    {
      "target": "rstex11_Product:image",
      "value": 1
    },
    {
      "target": "rstex11_Product:price",
      "value": 1
    },
    {
      "target": "rstex11_Product:name",
      "value": 1
    },
    {
      "target": "rstex11_Product:tags",
      "value": 0
    }
  ]
}