Within a Compass app, how can I check if a user is permitted to perform actions, link creating, updating and deleting component links?
I’m just not able to find any Compass authorization API.
1 Like
@EnriqueSerranoValle @ibuchanan do you know anyone that can pitch in on this?
@markrekveld Compass has the api/compass/v1/entitlements API to expose user permissions, but I believe the UI is the main caller of that one. We don’t currently restrict link creation or modification based on user role, do we? What’s the use case that you have in mind?
Is this currently an internal API? I have not found this API in the Compass docs.
Not that I found, also the reason for asking.
Mainly creating, updating and deleting component links. For my app, a user can create, update, delete links not only using the right context menu on the overview page of a component, but the also on a dedicated component page provided by the app.
On this page users can also create, update and delete links, but by selecting objects instead of providing the link itself.
However I doubt that every single user visiting the component should be able to manage this. I’m sure that it is intended use is to have users that manage the component details, links, etc and users that only consume the details, links, etc. to build knowledge and connections with the team managing the component.
Or is my understanding incorrect?
1 Like
You’re right @markrekveld - it’s more of an internal API called from the UI but not really exposed to the Forge apps right now. The permissions model in Compass is relatively flat today, so all site users would now have permissions to manage these links. I don’t have a specific timeline, but this is something that will be refined in Compass in the future.
3 Likes
Okay, thanks for clarifying that @EnriqueSerranoValle I’ll keep to the same model then and not implement and permission checks myselve.
2 Likes