Get User's assigned Roles


#1

I’m building an application that will present a different structure to the user depending on the Role they have been assigned. Users belonging to one role will also be allowed to create other users and select their role within the application (as opposed to going into the DreamFactory Admin UI).

I have two questions relating to this:

  • Is it possible to retrieve the current User’s assigned roles without granting them access to the /system/role resource?

  • When creating a user via the API, can Roles only be assigned to the User via an event script (as in this example)? If an event script is the only way then I will need to store the desired role info against the user so it can be retrieved against the script, as I won’t just be assigning a single role.

Many thanks.


#2

If your user has valid session, performing a GET on user/session will show you the role the user has for that application (this will obviously vary depending on which API key is used to make the call.)
In order to list all a user’s roles I think the user needs access to system/user/* in role. I can double check with one of our engineers to verify.
As far as assigning roles on creation, you can use the same method referenced in that post you linked to in your actual API call rather than in a script.
Just include the related=user_to_app_to_role_by_user_id in the request URL and include the related data in the call.
The original request on that post required scripting because it was on the legacy version of the product. scripting is no longer necessary unless you want to obfuscate the request url and data from the user.


#3

Fantastic, thanks Drew!

I believe getting the role specific to an application should meet my requirements so no need to double check regarding listing all roles.

One related follow-up question if you don’t mind. Is it possible to utilize the filter parameter to filter by related resources when retrieving users with a GET to system/user? If possible I would like to be able to search by app role without having to pre-fetch the users and then filter in the browser.

Again, thanks for your help.


#4

Filtering on related data is not currently supported, but we have filed a feature request for this. Would definitely be useful to have.


#5

EDIT: I forgot to make the call to the system/user/{id} method rather than system/user, when I changed the URL to the appropriate method the call succeeded.

Hello again, apologies but I’m having trouble getting the PATCH call to work.

After registering the user with a POST to system/user, I’m using the returned ID to make the following request:

PATCH /api/v2/system/user?related=user_to_app_to_role_by_user_id

request body:

{

  "user_to_app_to_role_by_user_id": [{
	"user_id": 15,
	"app_id": 4,
	"role_id": 1
  }]

}

However I’m getting an error code 400 response with the message “No record(s) detected in request”. I get the same thing when I try it in Swagger. It seems like my request is badly formatted somehow, any hints on what I’m doing wrong?