2 Replies Latest reply on Dec 2, 2014 4:58 AM by mattdickens

    How to check if current user has Manage system, Manage Community or Full Access via JavaScript

    mattdickens

      As the title states, I would like to determine whether the current user has one of the admin roles above. I'm not looking to use it as any real security - I just want to hide a widget when a group/space is being edited unless they are an admin. This is because the widget will contain some custom JS that other widgets on the page can utilise and I don't want the system to strip out the JS when a non-admin attempts to edit and save the widget.

       

      something like:

       

      var frameid = window.frameElement.id; //e.g. widgetIframe4841995    
      if (window.parent.document.getElementById('jive-widgets-panel') && isCurrentUserAdmin()) { 
           window.parent.document.getElementById('jive-widgetframe_' + frameid.substring(12)).style.display = "block";
      } else {
           window.parent.document.getElementById('jive-widgetframe_' + frameid.substring(12)).style.display = "none";
      }
      

       

      If it's not possible to check for specific permissions/roles, I thought it might be possible to attempt to check something that is restricted to admins only and so determine the rights based on the success/failure response.

       

      Any suggestions would be very much appreciated. When I've got it working, I'll share the widget snippet which I hope will be of benefit to others.

        • Re: How to check if current user has Manage system, Manage Community or Full Access via JavaScript
          mattdickens

          Well it seems this isn't directly possible via REST but I have found that the JiveProperty service is mostly restricted to Jive admins.

           

          Jive REST Rest API v3.8 → JiveProperty service

           

          If I attempt to retrieve the system properties as a non-admin via this endpoint:

           

          /api/core/v3/admin/properties?count=1

           

          ...I get the following which I guess I can check for:

           

          throw 'allowIllegalResourceCall is false.';
          {
            "error" : {
            "message" : "The requesting user is not a Jive admin",
            "status" : 403
            }
          }
          
          
          

           

          I know it's a bit of a kludge but it's my only option unless someone has a better suggestion.

            • Re: Re: How to check if current user has Manage system, Manage Community or Full Access via JavaScript
              mattdickens

              For anyone who's interested, here's what I came up with. I decided it was better to simply hide the edit button on the widget rather than hide it altogether in edit mode. I have however hidden the whole widget in read mode as the purpose of my code is to make changes to other widget(s) on the page rather than render anything in its own frame.

               

              Below is what a non-admin sees. Notice the lack of the edit drop-down button on the right hand side of the widget:

              [Image: non-editable.PNG]

               

              <script>
                  /* Code to restrict editing of HTML widget containing JavaScript to prevent
                   non-admins from inadvertently causing its removal when attempting to save. */
                  var $;
                  var frameid = window.frameElement.id;
                  runWhenJQueryIsLoaded();
              
                  function runWhenJQueryIsLoaded() {
                      if (window.parent.$j) {
                          $ = window.parent.$j; //We'll use the parent window's jQuery
                          widgetEditability();
                      } else {
                          setTimeout(runWhenJQueryIsLoaded, 50);
                      }
                  }
              
                  function widgetEditability(){
                      var framenum = frameid.substring(12);
                      if (window.parent.document.getElementById('jive-widgets-panel')) { // This overview page is being edited
                          $('#jive-widgetframe_' + framenum).show(); //Unhide this HTML widget
                          if(window.parent.containerType != "14"){ //This is a Group or Project overview page. Administrators of Spaces can save JavaScript.
                             $('#jive-widgetframe-title_' + framenum).text("THIS HTML WIDGET CONTAINS JAVASCRIPT FUNCTIONS. AS SUCH IT IS ONLY EDITABLE BY SYSTEM ADMINS.");
                             var restEndPoint = "/api/core/v3/admin/properties?count=1";
                             var data = $.ajax({type: "GET", url: restEndPoint, async: false}).responseText;
                             var jsonString = data.replace(/^throw [^;]*;/, '');
                             var json = JSON.parse(jsonString);
                             if (json.list) { //if system properties can be accessed, this must be an admin so we can allow the widget to be edited.
                                 $('#jive-widgetframe-edit_' + framenum).show(); //Show this html widget's edit button
                             } else {
                                 $('#jive-widgetframe-edit_' + framenum).hide(); //Hide this html widget's edit button
                             }
                          }
                      } else {
                          $('#jive-widgetframe_' + framenum).hide(); //Hide this whole html widget frame in read mode ...
                          initialise(); //and run the code.
                      }
                  }
              
                  function initialise() {
                  //function to do whatever you want
                  }
              
              </script>
              
              
              
              
              
              
              
              
              
              
              1 person found this helpful
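
An added example, not part of the original posts: a fail-closed version of the response check used in the widget above, so that an unparseable body (a login page, an empty or truncated response) leaves the edit button hidden instead of throwing from `JSON.parse`. The function names, the status argument and the sample admin body (a `list` array) are assumptions made for illustration; the decision only affects what is displayed, and the 403 returned by the server is what actually restricts access.

```javascript
// Added example (not from the original thread). Function names and the
// sample admin body are constructed for illustration.

// The responses shown in the thread start with a throw statement ahead of
// the JSON; strip it before parsing.
var GUARD = /^\s*throw [^;]*;\s*/;

function parseGuardedJson(text) {
    if (typeof text !== 'string') { return null; }
    try {
        return JSON.parse(text.replace(GUARD, ''));
    } catch (e) {
        return null; // HTML login page, empty body, truncated response...
    }
}

// Decide whether to show the edit button from the probe of
// /api/core/v3/admin/properties?count=1. Fail closed: only a 200 whose
// parsed body has a `list` array (assumed shape) counts as admin.
function probeIndicatesAdmin(status, responseText) {
    var body = parseGuardedJson(responseText);
    if (status !== 200 || body === null || body.error) { return false; }
    return Array.isArray(body.list);
}

// Body a non-admin receives, as shown in the thread.
var NON_ADMIN_BODY = "throw 'allowIllegalResourceCall is false.';\n" +
    '{ "error" : { "message" : "The requesting user is not a Jive admin", "status" : 403 } }';
// Constructed sample of a successful response (shape assumed).
var ADMIN_BODY = "throw 'allowIllegalResourceCall is false.';\n" +
    '{ "list" : [ { "name" : "example.property", "value" : "x" } ] }';
```

In the widget, the jqXHR object returned by `$.ajax` supplies both arguments: `probeIndicatesAdmin(xhr.status, xhr.responseText)`.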