5 Replies Latest reply on Aug 12, 2016 9:54 AM by christof.nussbaumer

    Is there a way to send requests with admin privileges from script inside HTML Widget?

    christof.nussbaumer

      I want to check if a user is in a group. And this in a script inside a HTML Widget on an Overviewpage.

      Actually I send a request in context of user to get a custom property from user profile. But I don't like to update this property additional to group membership for each user.

       

      I see there is a node specified in the API to get this membership:

      https://developers.jivesoftware.com/api/v3/cloud/rest/SecurityGroupService.html

      GET /securityGroups/{securityGroupID}/members/{personID}

       

      But this is available to Jive admins only

       

      Is there a way to send request with admin privileges from script inside a HTML Widget?

       

      Version: jive-x cloud  (Jive SBS 2016.2.2.1)

       

      Thanks for your answers.

      Best Reagards

      Christof

        • Re: Is there a way to send requests with admin privileges from script inside HTML Widget?

          Not directly. Well, unless you want to embed admin credentials in the HTML, which would be...bad.

           

          I'm not entirely clear what information you're trying to pull for the current user. Is it membership in a security group? Or is it the value of a custom profile property?

           

          What would be possible is to create an API on a middleware server that queries Jive using elevated privileges. So your HTML widget would call a service on the middleware server, that in turn calls Jive as an admin. This way, the admin credentials wouldn't be exposed to the world. There might still be security implications (how does the middleware server know that the indicated person is actually making the API call?), but nothing that can't be resolved.

          1 person found this helpful
          • Re: Is there a way to send requests with admin privileges from script inside HTML Widget?
            DominicG

            Is this what you're trying to do? This will pull a list of security groups for the current user. It doesn't require admin for them to view their own groups.

            https://community.jivesoftware.com/api/core/v3/people/@me/securityGroups

            2 people found this helpful
              • Re: Is there a way to send requests with admin privileges from script inside HTML Widget?
                christof.nussbaumer

                Yes, you're right. Exactly what I'm looking for

                 

                Thank you Dominic G!

                 

                This is what I'm using now on Overviewpages:

                <script src="//ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js"></script>
                <script type="text/javascript" charset="utf-8">
                
                
                function doSomeStuffPermissionBased() {
                    var rootUrl = "https://"+window.location.hostname;
                    var restEndPoint = rootUrl + "/api/core/v3/people/@me/securityGroups";
                
                
                    var groupOneID = '1001';
                    var groupTwoID = '1002';
                    var groupThreeID = '1003';
                    var groupSystemAdminID = '1';
                
                
                    $.get (
                        restEndPoint,
                        function(data) {
                            var jsonString = data.replace("throw 'allowIllegalResourceCall is false.';", "");
                            var json = JSON.parse(jsonString);
                        
                            $.each(json, function(i, val) {            
                                if (i == "list") {
                                    for (var p = 0; p < val.length; p++) {
                            
                                        if (val[p].id == groupOneID) {
                                            // User is in security group with ID    groupOneID
                                        }
                            
                                        if (val[p].id == groupTwoID) {
                                            // User is in security group with ID    groupTwoID
                                        }
                            
                                        if (val[p].id == groupThreeID) {
                                            // User is in security group with ID    groupThreeID
                                        }
                            
                                        if (val[p].id == groupSystemAdminID) {
                                            // User is a System Admin
                                        }
                                    }
                                }
                            });
                        },
                        "text"
                    );
                }
                
                
                doSomeStuffPermissionBased();
                
                
                </script>
                
                

                 

                If you have any suggested improvements, please let me know