Determining what actions user is permitted using Trello REST API

Hi,

Once I have a Trello REST API user token (read & write) and can list the boards the user can access (either ones they own, or ones they have joined such as Trello), how can I determine what actions are permitted?

Specifically for a board, how can I tell if they are allowed to create lists, or for lists how can I determine if they can create/move cards, for cards if they can comment, or modify the description etc? Same for checklists, checkboxes, etc.

I’m aware of permissionLevel in the board’s “prefs” but I’ve not seen this documented anywhere and I’m not sure if it is directly relevant.

Thanks,

Damian

Also posted at Solved: Determining what actions user is permitted using R...

Hi @dmehers!

This is a great question and something we don’t have a lot of documentation on right now. There isn’t a one-stop answer for this, unfortunately. Piecing together the entire permissions picture requires checking out a few things.

A board member can always move cards, comment, add lists, etc. You can tell whether a user is a member of a board via: /1/boards/{idBoard}/memberships/. There are three types of memberships: admin, normal, and observer. The primary difference between admin and normal is that admins are able to edit some of the board settings. So long as the user is a member of the board, they can do everything on the board.

observer member types can view cards, and can be allowed to comment, react, and vote. They can’t move or edit cards, or change settings.

The “can be allowed to...” bit of that is controlled via the comments value in a board’s prefs, retrieved via /1/boards/{idBoard}:

"prefs": {
  "permissionLevel": "org",
  "hideVotes": false,
  "voting": "disabled",
  "comments": "org",
  "invitations": "admins",
  ...
}

The comments key has five possible values: disabled, members, observers, org, public

Remember, these are set at the board level. In addition to their value in code, they have a name/title that is displayed to users via the board visibility button located at the top left of a board (just left of board member avatars). They are as follows:

disabled - Disabled - No one can comment.
members - Members - Admins and Board members can comment and react.
observers - Members and Observers - Admins, Board Members, and Observers can comment and react.
org - Team Members - Admins, Board Members, Observers, and Team Members can comment and react.
public - Any Trello User - Any Trello User can comment and react, provided they can see this board.

Thanks Bentley this is a great first pass!

I’ve not had a chance to use this yet, since first I want to see if anyone will use what I’ve made. I just released a beta - it’s an Apple Watch app that lets you use Trello: https://kanbann.com/

@bentley I’m working on implementing this, and wondered if you had any insights on the “org” level for comments. Would I be right in thinking that I need to look at the board’s idOrganization and see if it is an id from the member’s idOrganizations?

Thanks!

Yep! That sounds right.

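The checks described in this thread, combined into one function, as an added example that is not part of the original posts or Trello's own code. It takes the already-fetched board, its memberships list, and the token's member object as plain dicts; the function names and sample IDs are constructed, the board is assumed to have been fetched with the user's token (so the user can see it), and an unrecognised comments value is treated as deny.

```python
# Added example. Field names (prefs.comments, idOrganization, idMember,
# memberType, idOrganizations) are the ones discussed in the thread;
# function names and all sample data below are constructed.

def membership_type(memberships, member_id):
    """Return 'admin', 'normal', 'observer', or None if not a board member."""
    for m in memberships:
        if m.get("idMember") == member_id:
            return m.get("memberType")
    return None

def board_permissions(board, memberships, member):
    """Derive what `member` may do on `board` (assumed visible to the token)."""
    mtype = membership_type(memberships, member["id"])
    full_member = mtype in ("admin", "normal")      # can move cards, add lists, etc.
    on_board = full_member or mtype == "observer"
    org_id = board.get("idOrganization")
    in_org = org_id is not None and org_id in member.get("idOrganizations", [])

    level = board.get("prefs", {}).get("comments")
    if level == "members":
        can_comment = full_member
    elif level == "observers":
        can_comment = on_board
    elif level == "org":
        can_comment = on_board or in_org
    elif level == "public":
        can_comment = True       # any Trello user who can see the board
    else:
        can_comment = False      # "disabled", missing, or unknown value: deny

    return {
        "member_type": mtype,
        "can_edit": full_member,
        "can_edit_settings": mtype == "admin",
        "can_comment": can_comment,
    }

# Constructed sample data standing in for the API responses.
BOARD = {"idOrganization": "org-1", "prefs": {"permissionLevel": "org", "comments": "org"}}
MEMBERSHIPS = [
    {"idMember": "m-admin", "memberType": "admin"},
    {"idMember": "m-obs", "memberType": "observer"},
]
TEAMMATE = {"id": "m-team", "idOrganizations": ["org-1"]}   # in the team, not on the board
OUTSIDER = {"id": "m-out", "idOrganizations": ["org-9"]}
OBSERVER = {"id": "m-obs", "idOrganizations": []}
ADMIN = {"id": "m-admin", "idOrganizations": ["org-1"]}
```
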