Perform an Authorization Check
Performs an authorization check for the currently authenticated user.
Method
GET /authorization/check
Parameters
Query Parameters
| Name | Description | Required? |
|---|---|---|
| permissionName | String value representing the permission name to check for. | Yes |
| resourceName | String value for the name of the resource to check permissions for. | Yes |
| resourceType | An integer representing the resource type to check permissions for. See the User Guide for a list of integer representations of resource types. | Yes |
| resourceId | The id of the resource to check permissions for. If left blank, a check for global permissions on the resource is performed. | No |
| userId | The id of the user to check permissions for. The currently authenticated user must have a READ permission for the Authorization resource. If userId is blank, a check for the currently authenticated user is performed. |
No |
Result
A JSON array with the following properties:
| Name | Value | Description |
|---|---|---|
| permissionName | String | Name of the permission which was checked. |
| resourceName | String | The name of the resource for which the permission check was performed. |
| resourceId | String | The id of the resource for which the permission check was performed. |
| isAuthorized | Boolean | True / false for isAuthorized. |
Response Codes
| Code | Media type | Description |
|---|---|---|
| 200 | application/json | Request successful. |
| 400 | application/json | Returned if some of the query parameters are invalid, for example if a permission parameterName is not valid for the provided resourceType. See the Introduction for the error response format. |
| 401 | application/json | The user is not authenticated. See the Introduction for the error response format. |
| 403 | application/json | When a userId is passed and the user does not possess a READ permission for the Authorization resource. See the Introduction for the error response format. |
| 404 | application/json | Authorization with given id does not exist. See the Introduction for the error response format. |
Example
Request
GET /authorization/check?permissionName=READ,resourceName=USER,resourceType=1,resourceId=jonny
Response
Status 200.
{
"permissionName": "READ",
"resourceName": "USER",
"resourceId": "jonny",
"isAuthorized": true
}