Merge pull request #68 from topcoder-platform/issues-468

Add endpoints to get user permissions

Author: jmgasper

DebugPlugin/controllers/api/PermissionApiController.php

@@ -0,0 +1,67 @@
+<?php
+
+use Garden\Web\Exception\ClientException;
+use Garden\Schema\Schema;
+use Vanilla\Utility\InstanceValidatorSchema;
+use Garden\Web\Data;
+use Garden\Web\Exception\NotFoundException;
+use Garden\Web\Exception\ServerException;
+use Vanilla\ApiUtils;
+
+/**
+ * Permission API Controller for the `/permission` resource.
+ */
+class PermissionApiController extends AbstractApiController {
+
+    /**
+     * Get default user permissions
+     * @param $userID
+     * @return Data
+     * @throws \Garden\Web\Exception\HttpException
+     * @throws \Vanilla\Exception\PermissionException
+     */
+    public function index($userID) {
+        $this->permission('Garden.Settings.Manage');
+        if (!Gdn::userModel()->getID($userID)) {
+            throw notFoundException('User');
+        }
+        $userPermissions = Gdn::userModel()->getPermissions($userID);
+        $data = [
+            'userPermissions' => $userPermissions,
+        ];
+        return $data;
+    }
+
+    /**
+     * Get user permissions for a category
+     * @param $userID
+     * @param $categoryID
+     * @return Data
+     * @throws \Garden\Web\Exception\HttpException
+     * @throws \Vanilla\Exception\PermissionException
+     */
+    public function get($userID, $categoryID) {
+        $this->permission('Garden.Settings.Manage');
+
+        if (!Gdn::userModel()->getID($userID)) {
+            throw notFoundException('User');
+        }
+
+        $category =  CategoryModel::categories($categoryID);
+        if (!$category) {
+            throw notFoundException('Category');
+        }
+        $groupID = val('GroupID', $category, null);
+        $data = [
+            'GroupID' => $groupID,
+            'PermsGroupView' => $groupID? GroupModel::getGroupRoleFor($userID, $groupID) : null,
+            'PermsDiscussionsView' => CategoryModel::checkPermission($category, 'Vanilla.Discussions.View', true, $userID),
+            'PermsDiscussionsAdd' => CategoryModel::checkPermission($category, 'Vanilla.Discussions.Add', true, $userID),
+            'PermsDiscussionsEdit' => CategoryModel::checkPermission($category, 'Vanilla.Discussions.Edit', true, $userID),
+            'PermsCommentsAdd' => CategoryModel::checkPermission($category, 'Vanilla.Comments.Add', true, $userID),
+            'PermsDiscussionsUploads' => CategoryModel::checkPermission($category, 'Vanilla.Discussions.Uploads', true, $userID),
+            'PermsCommentsUploads' => CategoryModel::checkPermission($category, 'Vanilla.Comments.Uploads', true, $userID)
+        ];
+        return $data;
+    }
+}

DebugPlugin/openapi/permission.yml

@@ -0,0 +1,52 @@
+openapi: 3.0.2
+info: Vanilla Permission API
+paths:
+  /permission/{userID}/{categoryID}:
+    get:
+      parameters:
+        - description: UserID to check.
+          in: path
+          name: userID
+          schema:
+            type: integer
+        - description: CategoryID to check.
+          in: path
+          name: categoryID
+          schema:
+            type: integer
+      responses:
+        '200':
+          content:
+            'application/json':
+              schema:
+                items:
+                  $ref: '#/components/schemas/Records'
+                type: array
+          description: Success
+      tags:
+        - Data
+      summary: List records.
+  /permission/{userID}:
+    get:
+      parameters:
+        - description: UserID to check.
+          in: path
+          name: userID
+          schema:
+            type: integer
+      responses:
+        '200':
+          content:
+            'application/json':
+              schema:
+                items:
+                  $ref: '#/components/schemas/Records'
+                type: array
+          description: Success
+      tags:
+        - Data
+      summary: List records.
+components:
+  schemas:
+    Records:
+      type: object