5 Replies Latest reply on Feb 16, 2018 7:41 AM by james1.hicks

    Use Rest API to get user security groups to display additional sections of a custom Add On based on group?

    james1.hicks

      I want to be able to target each user's security groups to check if they are in a particular group in order to display an additional section of our Add On. Is this possible? I was reading the API and I am confused on whether I can in fact target the security groups.

       

      1. Is this possible to target a user's security groups? Or is there not a straight forward way I should go about this?

      2. If it is possible, will the call work if a user is not an admin? Would want every user who uses the add on to go through the check of whether they are in the security group.

      3. If possible, can you provide an example of how this can be done? The documentation on the REST API is a little lacking.

       

       

      Thank you

        • Re: Use Rest API to get user security groups to display additional sections of a custom Add On based on group?
          jgoldhammer
          You can use following endpoint :


          https://developers.jivesoftware.com/api/v3/cloud/rest/PersonService.html#getSecurityGroups(String,%20String)


          Url for the current user:

          /people/@me/securityGroups


          This will return the names of the security Group the user is member of...

            • Re: Use Rest API to get user security groups to display additional sections of a custom Add On based on group?
              james1.hicks

              Ah nice, is the @me portion of the call laid out somewhere in the documentation? I was unaware that was a possibility.

               

              Also, do you know if non admins can make this call successfully? I was reading somewhere in the docs that certain calls only admins have access to.

               

              Do you know if there are similar functionalities for osapi? We have two instance, one is a legacy one still on Jive 6 that uses osapi. Haven't been able to find a straight forward way to access the security groups besides calling all security groups, find the one I need, and then cross referencing the people in that group.

              • Re: Use Rest API to get user security groups to display additional sections of a custom Add On based on group?
                james1.hicks

                I'm getting a 401 Unauthorized when I make the call. Are there caveats to making calls this way? When I use Postman, I'm able to make the call. I assumed because I was making a call to the instance when I am in the instance (in an add on) that I would not need any authorizations in my GET request. When using osapi, I do not need to provide anything.

                  • Re: Use Rest API to get user security groups to display additional sections of a custom Add On based on group?
                    jgoldhammer

                    OSAPI is running in browser context and you already have an authentication context. OSAPI uses the cookies applied to the current user session.

                    When running via postman, you have to use OAuth2 to do authenticated calls.

                     

                    Steps in a nutshell :

                     

                    • Create a OAuth2 addon and install it in Jive as Jive Admin
                    • Use the generated clientid and secret in postman (Grant type = client credentials) to generate a new oauth2 access token
                    • Use the new oauth2 access token as http header in your requests to Jive


                    A helpful link is Auth 2.0—Creating a Client and Managing Access

                     

                    I hope, this helps.

                      • Re: Use Rest API to get user security groups to display additional sections of a custom Add On based on group?
                        james1.hicks

                        When I use Postman, I am able to make the call because of an extension that sends cookies to my desktop app, which for obvious reasons works on our Cloud and Hosted instance. I actually figured a way to use cookies to allow me to make calls to our Hosted version as well. We utilize the OAuth2 Add-On to make calls to our Cloud version when not in the instance, works great.

                         

                        But we do have a Hosted version (Jive 6) that does not have Add-Ons and so we are relying on OSAPI to make calls within our instance. Is there a similar authentication method for Hosted as with an Add-On method that can be used to access the API?

                         

                        Def most of the calls we are making in our Cloud and Hosted instances are within our add-ons (or html widgets) so I imagine OSAPI would still be the way to go if inside our instances when attempting to get the security groups of a person?

                         

                        There are scripts we run successfully within our apps to get people (using osapi.core.people.get) and then add external props to them for simple checks in our apps. This is done mainly in our Cloud version.

                         

                        When attempting to get an individual's security groups (in both Cloud and Hosted instances), I found I had to go the route of osapi.core.securityGroups.getMembers() and pass in the security group ID and then just return every member in that security group, build an array, and then check if the current user is in that array to then display certain UI elements. Obviously this is not optimal. I'd love to just be able to go directly to the person's security group list (which your '/people/@me/securityGroups' does when I test it on Postman because of my session cookies). However, when I add the call to my application and put it on my instance, I get a 401 (which is weird since I am making the call within the instance). OSAPI seems to be the best bet for doing this in order to stay in line with what the legacy code follows. But I am not sure there is an OSAPI method for targeting a person's security groups directly within an Add On.