List resources with permissions

On which folders does user Sebastian have read permissions for the file resource type?

Listing resources with permissions returns all resources of a given resource type within a tenant on which a subject has a specific permission. When a multi-level hierarchy is used, the list includes resources with explicitly assigned permissions as well as those with implicitly inherited permissions.

The output can be either a list of the full resources or a simpler list of just the resource IDs, which is useful for filtering.

Use case

Listing resources with permissions is useful for showing a user the resources they have access to and for filtering search results down to the resources the user is allowed to access.

Flow

Scenario: User Bob logs into your application and wants to see all folders he is allowed to see in one view.

➊ Your Frontend requests from your Backend all folders that Bob has access to

➋ Your Backend requests from Space Blocks all resources of type folder on which Bob has the read permission

➌ Space Blocks responds with a list of folder IDs

➍ Your Backend queries your database for all folders with these IDs

➎ Your Backend returns the results to your Frontend

Usage

To list all resources with specific permissions, we use the tenant's ListResources API.

  • /tenants/<TENANT_ID>/resources/<RESOURCE_TYPE_SLUG>

The following query parameters are required:

  • subjectId: The ID of the subject to check permissions for
  • permissionScope: The resource type ID on which the permission to check is defined
  • permission: The permission ID to check

Example:

  • /tenants/456/resources/folder?subjectId=123&permissionScope=files&permission=read

Request:

curl -i --location "/tenants/<TENANT_ID>/resources/<RESOURCE_TYPE_SLUG>?subjectId=<SUBJECT_ID>&permissionScope=<RESOURCE_TYPE_SLUG>&permission=<PERMISSIONS_SLUG>" \
--header "Content-Type: application/json" \
--header "Authentication: Bearer <YOUR_ACCESS_TOKEN>" \
--header "apiKey: <YOUR_API_KEY>"

Example Response:

[
  {
    "id": "12345",
    "parentId": "789",
    "isInheritanceDisabled": false,
    "members": {}
  },
  {
    "id": "67890",
    "parentId": "789",
    "isInheritanceDisabled": false,
    "members": {}
  }
]

ID-array response

In addition to the full response, the API also supports a simplified response format, which only contains the resource IDs. This is useful for filtering. To get the simplified response, you can add the /select/id path to the API URL, like this:

  • /tenants/<TENANT_ID>/resources/<RESOURCE_TYPE_SLUG>/select/id

Request:

curl -i --location "/tenants/<TENANT_ID>/resources/<RESOURCE_TYPE_SLUG>/select/id?subjectId=<SUBJECT_ID>&permissionScope=<RESOURCE_TYPE_SLUG>&permission=<PERMISSIONS_SLUG>" \
--header "Content-Type: application/json" \
--header "Authentication: Bearer <YOUR_ACCESS_TOKEN>" \
--header "apiKey: <YOUR_API_KEY>"

Example Response:

["12345", "67890"]
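
Steps ➋ to ➍ of the flow, using the ID-array response, as an added example that is not Space Blocks' own code: the Backend encodes every URL component, accepts only a JSON array of strings, and binds the returned IDs as query parameters. The base URL `https://api.example.invalid`, the `folders` table, the `fetch` callable and all function names are assumptions made for this illustration.

```python
import json
import sqlite3
from urllib.parse import quote, urlencode

def build_list_ids_url(base_url, tenant_id, resource_type, subject_id, scope, permission):
    """Build the /select/id ListResources URL with every component percent-encoded."""
    path = "/tenants/%s/resources/%s/select/id" % (
        quote(tenant_id, safe=""), quote(resource_type, safe=""))
    query = urlencode({"subjectId": subject_id,
                       "permissionScope": scope,
                       "permission": permission})
    return base_url.rstrip("/") + path + "?" + query

def parse_id_array(body):
    """Accept only a JSON array of strings; any other shape is an error (fail closed)."""
    data = json.loads(body)
    if not isinstance(data, list) or not all(isinstance(i, str) for i in data):
        raise ValueError("unexpected ListResources response shape")
    return data

def folders_visible_to(db, fetch, base_url, tenant_id, subject_id):
    """Flow steps 2-4. subject_id must come from the authenticated session,
    not from a value the Frontend sends."""
    url = build_list_ids_url(base_url, tenant_id, "folder", subject_id, "files", "read")
    ids = parse_id_array(fetch(url))
    if not ids:
        return []  # no permitted IDs: return nothing instead of running "IN ()"
    marks = ",".join("?" for _ in ids)  # one bound parameter per ID
    sql = "SELECT id, name FROM folders WHERE id IN (%s) ORDER BY id" % marks
    return db.execute(sql, ids).fetchall()

def demo():
    """Constructed data: hypothetical folders table and a stubbed HTTP call."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE folders (id TEXT PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO folders VALUES (?, ?)",
                   [("12345", "Invoices"), ("67890", "Contracts"), ("99999", "HR")])
    def fake_fetch(url):  # stands in for the GET request shown on this page
        return '["12345", "67890"]'
    return folders_visible_to(db, fake_fetch, "https://api.example.invalid", "456", "123")

if __name__ == "__main__":
    print(demo())
```

In a real Backend, `fetch` would issue the GET request with the headers shown in the curl examples and raise on any non-success status, so that a failed permission lookup never falls through to an unfiltered query.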