How to read all users in a group using REST API in on demand Confluence?

Salvatore _Sax_ Cammarata September 4, 2015

Hi,

I cannot find the corresponding API here: 

https://docs.atlassian.com/atlassian-confluence/REST/latest/

PS The goal is to check if a user is granted with the update restriction on a page.

As far as I have understood, you can use the following REST API call to get a list of restrictions for a specific page

/confluence/rest/api/content/{contentID}/restriction/byOperation

In order to see if the user can edit the page, you need to check if the user is directly allowed or if he belong to any of the groups having the update restriction. Is this correct or there is a smarter way?

5 answers

0 votes
Salvatore _Sax_ Cammarata September 8, 2015

Hi Nick,
Thanks a lot, that's exactly what I was looking for!


 

0 votes
Nick Clarke
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 7, 2015

Hi Salvatore,

We've recently added an "operations" expansion on the /rest/api/content/{contentID} resource, which I think will suit your use case of determining whether to show the edit button:

/rest/api/content/{contentID}?expand=operations

This will add an "operations" property to the response, like this:

{
    id: "12345",
    type: "page",
    title: "My page",
    operations: [
        {
            operation: "read",
            targetType: "page"
        },
        {
            operation: "update",
            targetType: "page"
        },
        {
            operation: "delete",
            targetType: "page"
        }
    ]
    ...
}

This expansion shows the operations the requesting user is allowed to perform, taking into account both permissions and content restrictions.

So if the "update" operation is present, then the requesting user is able to edit the page.

It can be used on all Confluence resources that return Content and take an "expand" parameter, and is currently available for Page, BlogPost and Comment content types, with others to follow.

Stephen Deutsch
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 7, 2015

Wow, that's great! Looking at the documentation I see that it has been updated, but without this answer I wouldn't have thought to look. Would it be possible to include this sort of information in the release notes next time (or can this information be found somewhere else)?

Nick Clarke
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 8, 2015

Stephen - we intentionally hadn't made a big deal of this yet, as it's very new and only recently supported enough built-in content types to be widely useful. It will likely get talked about some more soon :)

0 votes
Stephen Deutsch
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 4, 2015

Hi Salvatore,

I'm not aware of any method using the REST API (actually, there's ui/1.0/content/{id}, but that's not on the Connect whitelist), but there is a way by using the JSON-RPC API.  More information can be found here: https://groups.google.com/forum/#!topic/atlassian-connect-dev/Pe6U-5HYFUs

You have to make two calls, one to get the page permissions and one to get the space permissions.  You could substitute /rest/api/content/{contentID}/restriction/byOperation for the first one (getPagePermissions), but you still need to run the RPC call to get space-level permissions (getPermissions).

However, since it's possible for there to also be group restrictions, I'm not sure how you'd get around that issue...

0 votes
Salvatore _Sax_ Cammarata September 4, 2015

The usecase is this one:

  • we have a connect dynamic macro from which we can launch a custom editor (i.e. without entering the edit mode of the page). 
  • we would like to hide the edit button in case the user is not granted with update restriction.

UserRestriction.png


PS By the way, is there already an issue in the here that I can watch?




0 votes
Adrien Ragot 2
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 4, 2015

There is no way to get the users of a group in Confluence (see In Connect, is it possible to see a user's groups and/or permissions?). @Travis Smith suggested that I submit an improvement request, but I didn't do it because I expect a "What is your usecase"-kind-of-response. If you do submit one, I'll upvote you!

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events