
I have created a user with view-only permission to a folder. When checking if the user has admin permission, the value being returned is true when it should be false.

Our application is using 3-legged OAuth. I have tested using 2-legged auth via Postman and receive the correct response. The problem appears to occur only when using 3-legged authorization. I have verified the user ID associated with the token by issuing a GET to https://developer.api.autodesk.com/userprofile/v1/users/@me

To check the user's permissions I am doing a POST to: https://developer.api.autodesk.com/data/v1/projects/my-project-id/commands

{
   "jsonapi":{
      "version":"1.0"
   },
   "data":{
      "attributes":{
         "extension":{
            "data":{
               "requiredActions":[
                  "admin"
               ]
            },
            "type":"commands:autodesk.core:CheckPermission",
            "version":"1.0.0"
         }
      },
      "relationships":{
         "resources":{
            "data":[
               {
                  "type":"folders",
                  "id":"*folder-urn-goes-here*"
               }
            ]
         }
      },
      "type":"commands"
   }
}
Augusto Goncalves
whitemtnelf
  • (1) you said it worked with 2LO, are you using impersonation? (2) is this only for this user or for all? (3) what's the 3LO scope your app is using? – Augusto Goncalves Oct 14 '19 at 21:13
  • When performing the 2LO I am using our client id, client secret, and requesting a scope of data:read. I then use the returned access token and add the x-user-id header specifying the account that I wish to check. This works as expected. For 3LO I decoded the access token and verified that it contains the correct user id and specified scopes of data:write, data:read, data:create. I am only testing with two accounts; one that has admin priv to all of the folders, and the other that has view only. – whitemtnelf Oct 15 '19 at 12:51

1 Answer


Here is what I did:

At the product, for my testing account, set the permission to View:


For that user, get a 3-legged token.

POST https://developer.api.autodesk.com/data/v1/projects/b.abcd-1234/commands:

{
   "jsonapi":{
      "version":"1.0"
   },
   "data":{
      "attributes":{
         "extension":{
            "data":{
               "requiredActions":[
                  "admin"
               ]
            },
            "type":"commands:autodesk.core:CheckPermission",
            "version":"1.0.0"
         }
      },
      "relationships":{
         "resources":{
            "data":[
               {
                  "type":"folders",
                  "id":"urn:adsk.wipprod:fs.folder:co.abcd1234"
               }
            ]
         }
      },
      "type":"commands"
   }
}

Response

{
    "jsonapi": {
        "version": "1.0"
    },
    "data": {
        "type": "commands",
        "id": "05526951-238f-4d62-9b6f-45802bd78a1e",
        "attributes": {
            "status": "complete",
            "extension": {
                "type": "commands:autodesk.core:CheckPermission",
                "version": "1.0",
                "schema": {
                    "href": "https://developer.api.autodesk.com/schema/v1/versions/commands:autodesk.core:CheckPermission-1.0"
                },
                "data": {
                    "requiredActions": [
                        "admin"
                    ],
                    "permissions": [
                        {
                            "type": "folders",
                            "id": "urn:adsk.wipprod:fs.folder:cabcd1234",
                            "permission": false
                        }
                    ]
                }
            }
        },
        "relationships": {
            "resources": {
                "data": [
                    {
                        "type": "folders",
                        "id": "urn:adsk.wipprod:fs.folder:co.abcd1234",
                        "meta": {}
                    }
                ]
            }
        }
    }
}

As expected, the requiredActions:admin comes as "permission": false.

Augusto Goncalves
  • I created a new test account and I did receive the expected response. However the original test account is still returning true when I expect false. If you would privately message me I can share the account info with you – whitemtnelf Oct 16 '19 at 18:17
  • I see you (or your team) contacted us, but don't have your direct email... can you reach us at forge.help at autodesk dot com? – Augusto Goncalves Oct 16 '19 at 18:22
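A small helper, added here as an example (not code from the question, the answer, or Autodesk): it builds the CheckPermission body in the shape shown above, sets the authorization headers for either flow (the x-user-id header only for 2LO, as described in the comments), and reads the verdict out of the response while failing closed, so a missing folder entry or an incomplete command is treated as "no permission". The Content-Type value, the folder URN, the command id and the token string are assumptions.

```python
from typing import Dict, List, Optional

COMMANDS_URL = "https://developer.api.autodesk.com/data/v1/projects/{project_id}/commands"
CHECK_PERMISSION = "commands:autodesk.core:CheckPermission"


def build_check_permission(folder_urns: List[str], required_actions: List[str]) -> dict:
    """Request body for the CheckPermission command, same shape as the post above."""
    return {
        "jsonapi": {"version": "1.0"},
        "data": {
            "type": "commands",
            "attributes": {"extension": {
                "type": CHECK_PERMISSION, "version": "1.0.0",
                "data": {"requiredActions": required_actions}}},
            "relationships": {"resources": {
                "data": [{"type": "folders", "id": urn} for urn in folder_urns]}},
        },
    }


def auth_headers(token: str, user_id: Optional[str] = None) -> dict:
    """3LO: bearer token only (the user is the token's subject).
    2LO: add x-user-id so the check is evaluated for that user rather than the app."""
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/vnd.api+json"}
    if user_id:
        headers["x-user-id"] = user_id
    return headers


def parse_permissions(response: dict, requested_urns: List[str]) -> Dict[str, bool]:
    """Map each requested URN to the server's verdict, failing closed (False) when the
    command did not complete or the URN is absent from the returned permissions list."""
    data = response.get("data", {})
    if data.get("attributes", {}).get("status") != "complete":
        return {urn: False for urn in requested_urns}
    entries = data["attributes"].get("extension", {}).get("data", {}).get("permissions", [])
    verdicts = {e["id"]: e.get("permission") is True for e in entries if "id" in e}
    return {urn: verdicts.get(urn, False) for urn in requested_urns}


# Constructed sample, shaped like the response in the answer (ids are placeholders).
FOLDER = "urn:adsk.wipprod:fs.folder:co.abcd1234"
SAMPLE_RESPONSE = {"jsonapi": {"version": "1.0"}, "data": {
    "type": "commands", "id": "00000000-0000-0000-0000-000000000000",
    "attributes": {"status": "complete", "extension": {
        "type": CHECK_PERMISSION, "version": "1.0",
        "data": {"requiredActions": ["admin"],
                 "permissions": [{"type": "folders", "id": FOLDER, "permission": False}]}}}}}
```

Matching verdicts by the URN you requested (rather than trusting list position) also surfaces the kind of id mismatch visible between the request and response in the answer above.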