Fastest way to check whether the user is admin from app backend

Hi @paulo.alves. Have you found a solution?
This allows for privilege escalation, where a user can get the token from an administrator and make a call to the endpoint without being an administrator, using Postman or similar.
Thanks,
Jerry

Hi @jerry.laster,
We are checking the user permissions for every single service using the Atlassian REST API.
Best,
Paulo Alves.

1 Like

Hi @paulo.alves,
Which service are you using?

https://developer.atlassian.com/cloud/confluence/rest/v1/api-group-users/#api-wiki-rest-api-user-current-get

I used this and expanded operations and got an administer operation.
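A sketch of the per-request check discussed in this thread, as an added example that is not code from any of the posters or from Atlassian: the backend asks the linked current-user endpoint, with operations expanded, on behalf of the caller and denies unless an administer operation is present. `requestAsUser` is a hypothetical helper standing in for the app framework's "call the API as the requesting user" function, the `operation`/`targetType` field names are an assumption about the response shape, and the sample bodies are constructed.

```javascript
// Path of the endpoint linked in the thread, with operations expanded.
const CURRENT_USER_PATH = "/wiki/rest/api/user/current?expand=operations";

// True only when the response body lists an "administer" operation on the
// application. Assumption: each expanded operation is an object with
// "operation" and "targetType" fields.
function hasAdministerOperation(body) {
  if (!body || !Array.isArray(body.operations)) return false; // expand missing: deny
  return body.operations.some(
    (op) => op && op.operation === "administer" && op.targetType === "application"
  );
}

// requestAsUser (hypothetical) must call Confluence as the user who made the
// request, with the identity taken from the verified request context and never
// from an account id or "isAdmin" flag supplied by the client.
async function isCallerAdmin(requestAsUser) {
  try {
    const res = await requestAsUser(CURRENT_USER_PATH);
    if (!res || res.status !== 200) return false; // any non-200 answer: deny
    return hasAdministerOperation(await res.json());
  } catch (err) {
    return false; // network or parse failure: deny
  }
}

// Constructed sample bodies, not captured from a real site.
const ADMIN_BODY = { type: "known", operations: [
  { operation: "use", targetType: "application" },
  { operation: "administer", targetType: "application" },
] };
const USER_BODY = { type: "known", operations: [
  { operation: "use", targetType: "application" },
] };
const NO_EXPAND_BODY = { type: "known" };

// Stand-in for requestAsUser so the example runs offline.
const fakeRequest = (body, status = 200) => async () => ({ status, json: async () => body });

Promise.all([
  isCallerAdmin(fakeRequest(ADMIN_BODY)),
  isCallerAdmin(fakeRequest(USER_BODY)),
  isCallerAdmin(fakeRequest(ADMIN_BODY, 401)),
]).then((results) => console.log(results));
```

Run the check inside every privileged handler rather than caching the result, so a revoked administrator loses access on the next call.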