pages/{pageid}/allowed (POST)
Overview
Filter a list of user ids based on access to the page
- REST Method: POST
- Method Access: public
Uri Parameters
| Name | Type | Description |
| pageid | int | integer page ID |
Query Parameters
| Name | Type | Description |
| filterdisabled | bool? | DEPRECATED: Will always filter disabled users, regardless of permissions |
| permissions | string? | A comma separated list of permissions that must be satisfied (e.g read, etc.). Defaults to read, if not provided |
Return Codes
| Name | Value | Description |
| OK | 200 | The request completed successfully |
| Bad Request | 400 | Invalid input parameter or request body |
| Forbidden | 403 | Read access to the page is required |
| Not Found | 404 | Requested page could not be found |
Message Format
Input:
List of all users to run feature against:
<users>
<user id="{id}"/>
<user id="{id}"/>
...
</users>
Output:
List of all users with allowed permissions as specified in the query parameter:
<users>
<user id="{id}"/>
<user id="{id}"/>
...
</users>
Implementation Notes
The feature takes in as input a list of users and outputs a filtered user list whose members have a page permission that matches one or more of the permissions given in the query parameter.
Curl Code Sample: Check User Access to Page
The following command returns a sublist of users with defined permissions to a page (page ID = 1). The users are listed in "users.xml". The permissions are appended to the "permissions parameter":
Sample Code
curl -u username:password -H "Content-Type: application/xml" -d @uesrs.xml -i http://mindtouch.address/@api/deki/pages/1/allowed?permissions="NONE LOGIN BROWSE READ ..."
Implementation notes
Permissions
- Sending the above command with a NONE permission parameters does not yield a response of interest. This is that permissions matches all users, and thus will simply return the list of users sent in the request. To receive a useful response, such as what users have the permissions to read, update, set permissions, and so on, a "permissions" parameter is appended to the end of the path.
- For example, the following command will check which users have READ, UPDATE, and LOGIN permissions for a page (page ID = 2):
curl -u username:password -H "Content-Type: application/xml" -d @users.xml -i http://mindtouch.address/@api/deki/pages/2/allowed?permissions="READ UPDATE LOGIN"
- The response will contain a list of users who have one or more of those permissions for the specific page.
Permission Enumeration
| NONE | 0 |
| LOGIN | 1 |
| BROWSE | 2 |
| READ | 4 |
| SUBSCRIBE | 8 |
| UPDATE | 16 |
| CREATE | 32 |
| DELETE | 256 |
| CHANGEPERMISSION | 1024 |
| CONTROLPANEL | 2048 |
| UNSAFECONTENT | 4096 |
| ADMIN | 0x8000000000000000L |
curl flags
- -u
- Basic HTTP authentication. Sends a username and password to server so it can verify whether a user is of privilege to perform specific operation.
- -d @file
- Specifies a POST request and file to send.
- -H
- Replaces or appends an HTTP header. The "Content-Type" header specifies the MIME type of the value attached to the property. In this case, use application/xml since the document being passed is of type XML.
- -i
- Includes the HTTP response header in the output. Useful for debugging.
Example
A page (Page ID = 571) has been set to private. A user (User ID = 4) has been given full Contributor role permissions to the page. We want to verify what users from a list have the READ, UPDATE, and CREATE permissions for the specific page.
usersallowed.xml
Content-Type: text/plain
<users> <user id="1"/> <!-- admin userID, should be returned --> <user id="88"/> <!-- random users --> <user id="89"/> <user id="4"/> <!-- user with permissions to the page --> </users>
Sample Code
curl -u admin:password -H "Content-Type: application/xml" -d @usersallowed.xml -i http://192.168.59.128/@api/deki/pages/571/allowed?permissions="READ UPDATE CREATE"
HTTP Response Headers
HTTP/1.1 200 OK Date: Mon, 25 Jan 2010 23:19:44 GMT Server: Dream-HTTPAPI/2.0.0.17629 Microsoft-HTTPAPI/2.0 Content-Length: 45 Content-Type: application/xml; charset=utf-8 X-Data-Stats: request-time-ms=65; mysql-queries=4; mysql-time-ms=63; X-Deki-Site: id="default" Via: 1.0 dekiwiki Connection: close
HTTP Response Body
Content-Type: application/xml
<users>
<user id="1" />
<user id="4" />
</users>