4 Replies Latest reply on Aug 10, 2016 3:51 PM by paripirala RSS
    paripirala Apprentice

    Rest API to get Things that user has permission to

    We want to query for all the Things that a user (current user) has permission to and based on the ThingTemplate of the Thing or based on a property on the Thing. Could you please let us know how can we achieve this with Restful API.

     

    *Edit*

    We can consider filtering by design time read or run time read.

     

    Thanks

      • Re: Rest API to get Things that user has permission to
        Ankit Gupta Ninja

        Hi Pavan,

         

        By default; ThingWorx system shows only the entities for which user has visibility permission.

        Sample RestAPI example:

        https://<Thingworx_URL_Here>/Thingworx/ThingTemplates/<ThingTemplate_Name_Here>/ImplementingThings/

        For e.g. if user has visibility to only two Things out of five implementing Thing of the Thing Template; he/she will receive the two he/she has access to as response. Here I am considering that user has access to the ThingTemplate whose Implementing Thing we want to view.

         

        I hope it helps.

         

        Thanks,

        Ankit Gupta

          • Re: Rest API to get Things that user has permission to
            paripirala Apprentice

            Hi Ankit Thanks for providing the Rest API.

             

            2 issues:

            1. Even though the user does not have any access to the ThingTemplate, the user can execute this service from a Postman using the Basic Authentication in header.

            Does this API go by the visibility (Orgs and Org Units) or by Runtime permissions for filtering out the results?

             

            2. It is returning all the implementing things even though I did not set the visibility to any org.

            Does it return results based only visibility of the Thing or Design Time or Run time permissions?

             

             

            Thanks

             

            Pavan

              • Re: Rest API to get Things that user has permission to
                Ankit Gupta Ninja

                Hi Pavan,

                 

                It seems that you have users group added in the Everyone organization. Could you please remove users from Everyone organization and recheck.

                Also, please share the ThingWorx version you are on.

                 

                Thanks,

                Ankit Gupta

                  • Re: Rest API to get Things that user has permission to
                    paripirala Apprentice

                    Hi Ankit,

                     

                    After removing the "users" group from "Everyone" organization now the user is not seeing any Things, which is what is wanted. Now I started to build the custom org tree to assign the visibility to Things. However the Org to Thing visibility is not working as intended.

                     

                    Here is the scenario

                    • "My company Everyone" Org is at top level where all the users are assigned to. When a new user is created, that user will be added to this "My Company Everyone" org unit.
                    • Then a child org called "Department A" Org unit is added.
                    • ThingTemplate (TT) is implemented by 10 Things.
                    • 5 of those Things are for Department A. Only people in Department A are supposed to view Things related to that department.
                    • Visibility on those 5 Things for Dept. A are assigned with "Department A" Org unit.

                     

                    User UA1 is assigned to "Department A" org unit. When this user logs in or when invoking the API that you have provided, it is correctly displaying 5 Things.

                    I added a new user UA2 and is not assigned to "Department A". However this user also is seeing those 5 Things. This is not expected.

                     

                    How do I resolve this?

                     

                    Thanks

                     

                    Pavan