Nodebb: Privilege is not getting assigned from the APIs

Created on 12 Jun 2020 · 3Comments · Source: NodeBB/NodeBB

NodeBB version: v1.13.x
NodeBB git hash: f879c4a84e137413f0bdd099e020ec0658124658
Installed NodeBB Plugins:

* nodebb-plugin-composer-default (installed, enabled)
* nodebb-plugin-dbsearch (installed, disabled)
* nodebb-plugin-emoji (installed, enabled)
* nodebb-plugin-emoji-android (installed, enabled)
* nodebb-plugin-markdown (installed, enabled)
* nodebb-plugin-mentions (installed, enabled)
* nodebb-plugin-soundpack-default (installed, enabled)
* nodebb-plugin-spam-be-gone (installed, disabled)
* nodebb-plugin-write-api (installed, enabled)
* nodebb-rewards-essentials (installed, enabled)
* nodebb-theme-lavender (installed, disabled)
* nodebb-theme-persona (installed, enabled)
* nodebb-theme-slick (installed, disabled)
* nodebb-theme-vanilla (installed, disabled)
* nodebb-widget-essentials (installed, enabled)
Database type: mongo
Database version: 4.2.3
Exact steps to cause this issue:
1. I am using nodebb-plugin-write-api , where I am using this API to assign privilege from Postman
  
  PUT /:cid/privileges Adds user or group privileges to a category Group privileges are prefixed with groups:, i.e. groups:topics:create Requires: privileges (array), groups (array)
2. http://127.0.0.1:4567/api/v2/categories/3/privileges This is the API I have hit using PUT method with body
  
  { "groups": [ { "name":"guests", "nameEscaped":"guests", "privileges": { "groups:chat":false, "groups:upload:post:image":true, "groups:upload:post:file":true, "groups:signature":false, "groups:ban":false, "groups:search:content":false, "groups:search:users":false, "groups:search:tags":false, "groups:view:users":false, "groups:view:tags":false, "groups:view:groups":false, "groups:local:login":false, "groups:group:create":false, "groups:view:users:info":false } } ] }
3. I am receiving a response
  
  { "code": "ok", "payload": {} }
4. I checked in the ACP but the privileges was not changed.
What you expected:

I expected privileges to change according to the request body.
What happened instead:

There were no changes in the privileges.
Thank you!

question

Source

darKnight0037

All 3 comments

Just linted the payload:

{
  "groups": [
    {
      "name": "guests",
      "nameEscaped": "guests",
      "privileges": {
        "groups:chat": false,
        "groups:upload:post:image": true,
        "groups:upload:post:file": true,
        "groups:signature": false,
        "groups:ban": false,
        "groups:search:content": false,
        "groups:search:users": false,
        "groups:search:tags": false,
        "groups:view:users": false,
        "groups:view:tags": false,
        "groups:view:groups": false,
        "groups:local:login": false,
        "groups:group:create": false,
        "groups:view:users:info": false
      }
    }
  ]
}

It looks like your payload is incorrect. According to the readme, you should be passing in an array of groups, and an array of privileges, and it looks like you're passing in a modified response body.

While it'd be nice if the API worked like that (pipe dreams!) try this request body instead:

{
    groups: ["guests"],
    privileges: ["groups:upload:post:image", "groups:upload:post:file"]
}

(Note that I truncated the list of privileges)

julianlam on 12 Jun 2020

👍1

Just linted the payload:
{
  "groups": [
    {
      "name": "guests",
      "nameEscaped": "guests",
      "privileges": {
        "groups:chat": false,
        "groups:upload:post:image": true,
        "groups:upload:post:file": true,
        "groups:signature": false,
        "groups:ban": false,
        "groups:search:content": false,
        "groups:search:users": false,
        "groups:search:tags": false,
        "groups:view:users": false,
        "groups:view:tags": false,
        "groups:view:groups": false,
        "groups:local:login": false,
        "groups:group:create": false,
        "groups:view:users:info": false
      }
    }
  ]
}
It looks like your payload is incorrect. According to the readme, you should be passing in an array of groups, and an array of privileges, and it looks like you're passing in a modified response body.

While it'd be nice if the API worked like that (pipe dreams!) try this request body instead:
{
    groups: ["guests"],
    privileges: ["groups:upload:post:image", "groups:upload:post:file"]
}
(Note that I truncated the list of privileges)

Thanks very much for the clarification about the APIs for setting group privileges. From the readme file, it is not very clear about how to pass the request body for assigning user privilege.

PUT /:cid/privileges
Adds user or group privileges to a category
Group privileges are prefixed with groups:, i.e. groups:topics:create
Requires: privileges (array), groups (array)

I tried passing it as
{ "user": "postmanuser", "privileges": ["upload:post:image", "upload:post:file","topics:create","topics:read","topics:tag"] }

But the response I am getting is

{ "code": "bad-request", "message": "Something was wrong with the request payload you passed in. | Invalid User ID", "params": {} }
Any help is much appreciated.
Thanks in advance

darKnight0037 on 12 Jun 2020

Pass in uids in the groups property. It's a little counter-intuitive... I'll probably get this fixed up in the next version of write-api

{
    groups: [1234],
    privileges: ["groups:upload:post:image", "groups:upload:post:file"]
}

Where 1234 is postmanuser's uid.

julianlam on 12 Jun 2020

👍1

Was this page helpful?

0 / 5 - 0 ratings

Related issues

Unable to remove/kick user from chat room

julianlam · 4Comments

Selecting category as a homepage

cryptoethic · 4Comments

Upload icons are confusing

djensen47 · 5Comments

html widget box and cover photo on profile page overlaps

AliCihan · 4Comments

"Super" admin?

tgmatt · 5Comments