Skip to main content

pages/{pageid}/security (PUT) (SAP KC)

Overview

Set page security info

  • REST Method: PUT
  • Method Access: public

Uri Parameters

Name Type Description
pageid string either an integer page ID, "home", or "=" followed by a double uri-encoded page title

Query Parameters

Name Type Description
authenticate bool? Force authentication for request (default: false)
cascade {none,delta,absolute}? none: Permissions are not cascaded to child pages; deltas: Changes between given page's security and proposed security cascaded to child nodes; absolute: Proposed security is set on child pages. Default: none
redirects int? If zero, do not follow page redirects.

Return Codes

Name Value Description
OK 200 The request completed successfully
Bad Request 400 Invalid input parameter or request body
Forbidden 403 Change permissions access to the page is required
Not Found 404 Requested page could not be found

Message Format

Input:

<security>
    <permissions.page>
        <restriction>{text}</restriction> 
    </permissions.page>
    <grants>
        <grant>
            <permissions>
                <role>{text}</role> 
            </permissions>
            <user id="{int}"></user>
            <date.expires>{date}</date.expires> 
        </grant>
        <grant>
            <permissions>
                <role>{text}</role> 
            </permissions>
            <group id="{int}"></group>
            <date.expires>{date}</date.expires> 
        </grant>
        ...
    </grants>
</security>

Output:

<security href="{uri}">
    <permissions.effective>
        <operations mask="{int}">{text}</operations> 
    </permissions.effective>
    <permissions.page>
        <operations mask="{int}">{text}</operations> 
        <restriction>{text}</restriction> 
    </permissions.page>
    <grants>
        <grant>
            <permissions>
                <operations mask="{int}">{text}</operations> 
                <role id="{int}" href="{uri}">{text}</role> 
            </permissions>
            <user id="{int}" href="{uri}">
                <nick>{text}</nick> 
                <username>{text}</username> 
                <email>{text}</email> 
            </user>
            <date.expires>{date}</date.expires> 
            <date.modified>{date}</date.modified> 
            <user.modifiedby id="{int}" href="{uri}">
                <nick>{text}</nick> 
                <username>{text}</username> 
                <email>{text}</email> 
            </user.modifiedby>
        </grant>
        <grant>
            <permissions>
                <operations mask="{int}">{text}</operations> 
                <role id="{int}" href="{uri}">{text}</role> 
            </permissions>
            <group id="{int}" href="{uri}">
                <name>{text}</name> 
            </group>
            <date.expires>{date}</date.expires> 
            <date.modified>{date}</date.modified> 
            <user.modifiedby id="{int}" href="{uri}">
                <nick>{text}</nick> 
                <username>{text}</username> 
                <email>{text}</email> 
            </user.modifiedby>
        </grant>
        ...
    </grants>
</security>

Implementation Notes

The permissions.page element sets the page restriction.  The grants section replaces all existing grants on the page.  Use POST:pages/{pageid}/security to add or remove particular grants.

Currently defined page restrictions are:

  • Public: All users can read and edit
  • Semi-Public: All users can read, but only selected users can edit
  • Private: Only selected users can read and edit

Use GET:site/roles to retrieve a list of roles currently defined for the site.

C# Sample: Set Home Page Security Settings

The following code example sets the home page security settings.  It updates the page restriction to private and grants Contributor access to the user with ID 2.  The grant is set to expire one year from today:

Sample Code

Plug p = Plug.New("http://help.mindtouch.us/@api/deki");
p.At("users", "authenticate").WithCredentials("admin", "password").Get();
XDoc securityDoc = new XDoc("security")
    .Start("permissions.page")
        .Elem("restriction", "Private")
    .End()
    .Start("grants")
        .Start("grant")
            .Start("permissions")
                .Elem("role", "Contributor")
            .End()
            .Start("user").Attr("id", 2).End()
            .Elem("date.expires", DateTime.Today.AddYears(1))
        .End()
    .End();
p.At("pages", "home", "security").Put(securityDoc);

Sample Response from executing Code

<security href="http://help.mindtouch.us/@api/deki/pages/29/security">
    <permissions.effective>
        <operations mask="9223372036854779199">LOGIN,BROWSE,READ,SUBSCRIBE,UPDATE,CREATE,DELETE,CHANGEPERMISSIONS,CONTROLPANEL,ADMIN</operations> 
    </permissions.effective>
    <permissions.page>
        <operations mask="1">LOGIN</operations> 
        <restriction id="3" href="http://help.mindtouch.us/@api/deki/site/roles/3">Private</restriction> 
    </permissions.page>
    <grants>
        <grant>
            <permissions>
                <operations mask="1343">LOGIN,BROWSE,READ,SUBSCRIBE,UPDATE,CREATE,DELETE,CHANGEPERMISSIONS</operations> 
                <role id="4" href="http://help.mindtouch.us/@api/deki/site/roles/4">Contributor</role> 
            </permissions>
            <user id="1" href="http://help.mindtouch.us/@api/deki/users/1">
                <nick>Admin</nick> 
                <username>Admin</username> 
                <email>admin@mindtouch.com</email> 
            </user>
            <date.modified>2007-09-06T06:26:47Z</date.modified> 
            <user.modifiedby id="1" href="http://help.mindtouch.us/@api/deki/users/1">
                <nick>Admin</nick> 
                <username>Admin</username> 
                <email>admin@mindtouch.com</email> 
            </user.modifiedby>
        </grant>
        <grant>
            <permissions>
                <operations mask="1343">LOGIN,BROWSE,READ,SUBSCRIBE,UPDATE,CREATE,DELETE,CHANGEPERMISSIONS</operations> 
                <role id="4" href="http://help.mindtouch.us/@api/deki/site/roles/4">Contributor</role> 
            </permissions>
            <user id="2" href="http://help.mindtouch.us/@api/deki/users/2">
                <nick>Anonymous</nick> 
                <username>Anonymous</username> 
                <email /> 
            </user>
            <date.expires>2008-09-05T07:00:00Z</date.expires> 
            <date.modified>2007-09-06T06:17:23Z</date.modified> 
            <user.modifiedby id="1" href="http://help.mindtouch.us/@api/deki/users/1">
                <nick>Admin</nick> 
                <username>Admin</username> 
                <email>admin@mindtouch.com</email> 
            </user.modifiedby>
        </grant>
    </grants>
</security>

Implementation notes 

  • A grant for Admin is automatically added by the system so that it would not restrict itself from the page.

Curl Sample: Set Page Security Settings

The following command sets the security settings for page "foo" according to the security definitions in document "security.xml":

Sample Code

curl -u admin:password -H "Content-Type: application/xml" -T security.xml -i http://mindtouch.address/@api/deki/pages/=foo/security

Implementation notes 

curl flags

-u
Basic HTTP authentication. Sends a username and password to server so it can verify whether a user is of privilege to perform specific operation.
-H
Adds a header or modifies an existing one. In this case, since an XML document is being sent, the content type must be set to "application/xml". The server will not accept the request otherwise.
-T file
Specifies a PUT command and file that contains the user data.
-i
Includes the HTTP response header in the output. Useful for debugging.

Permissions

ADMIN permission is required to execute above command. Otherwise, a 403 HTTP response (Forbidden) will be returned.

Example

We want to restrict page "Gotham" to "Private" and give specific users certain privileges. User "Batman" will be given a "Contributor" role, allowing him to read, edit, create subpages, and so on. Users "Riddler" and "Joker" will be given "Viewer" permission, allowing them to basically only access and read the page. The security definitions are outlined in "gotham.xml".

gotham.xml

Content-Type: application/xml

<security>
	<!-- set "Private" permission -->

	<permissions.page>
		<restriction>Private</restriction>
	</permissions.page>

	<grants>
		<!-- add user "Batman" (user ID 4) with "Contributor" role -->

		<grant>
			<permissions>
				<role>Contributor</role>
			</permissions>
			<user id="4"></user>
		</grant>

		<!-- add users "Joker" and "Penguin (user IDs 5, 6) with "Viewer" role -->

		<grant>
			<permissions>
				<role>Viewer</role>
			</permissions>
			<user id="5"></user>
		</grant>

		<grant>
			<permissions>
				<role>Viewer</role>
			</permissions>
			<user id="6"></user>
		</grant>
	</grants>
</security>

Command Line

curl -u admin:password -H "Content-Type: application/xml" -T gotham.xml -i http://192.168.59.128/@api/deki/pages/=Gotham/security

HTTP Response Headers

HTTP/1.1 200 OK
Date: Wed, 20 Jan 2010 01:23:30 GMT
Server: Dream-HTTPAPI/2.0.0.17629 Microsoft-HTTPAPI/2.0
Content-Length: 2970
Content-Type: application/xml; charset=utf-8
X-Data-Stats: request-time-ms=118; mysql-queries=46; mysql-time-ms=109;
X-Deki-Site: id="default"
Via: 1.1 dekiwiki

HTTP Response Body

Content-Type: application/xml

<?xml version="1.0"?>
<security href="http://192.168.59.128/@api/deki/pages/571/security">
  <permissions.effective>
    <operations mask="9223372036854779903">LOGIN,BROWSE,READ,SUBSCRIBE,UPDATE,CREATE,DELETE,CHANGEPERMISSIONS,CONTROLPANEL,ADMIN</operations>
  </permissions.effective>
  <permissions.page>
    <operations mask="1">LOGIN</operations>
    <restriction id="3" href="http://192.168.59.128/@api/deki/site/roles/3">Private</restriction>
  </permissions.page>
  <grants>
    <grant>
      <permissions>
        <operations mask="1343">LOGIN,BROWSE,READ,SUBSCRIBE,UPDATE,CREATE,DELETE,CHANGEPERMISSIONS</operations>
        <role id="4" href="http://192.168.59.128/@api/deki/site/roles/4">Contributor</role>
      </permissions>
      <user id="4" href="http://192.168.59.128/@api/deki/users/4">
        <nick>Batman</nick>
        <username>Batman</username>
        <email>xxx</email>
        <hash.email>f561aaf6ef0bf14d4208bb46a4ccb3ad</hash.email>
        <uri.gravatar>http://www.gravatar.com/avatar/f561aaf6ef0bf14d4208bb46a4ccb3ad</uri.gravatar>
      </user>
      <date.modified>2010-01-17T02:14:49Z</date.modified>
      <user.modifiedby id="1" href="http://192.168.59.128/@api/deki/users/1">
        <nick>Admin</nick>
        <username>Admin</username>
        <email>admin@admin.com</email>
        <hash.email>64e1b8d34f425d19e1ee2ea7236d3028</hash.email>
        <uri.gravatar>http://www.gravatar.com/avatar/64e1b8d34f425d19e1ee2ea7236d3028</uri.gravatar>
      </user.modifiedby>
    </grant>
    <grant>
      <permissions>
        <operations mask="15">LOGIN,BROWSE,READ,SUBSCRIBE</operations>
        <role id="3" href="http://192.168.59.128/@api/deki/site/roles/3">Viewer</role>
      </permissions>
      <user id="5" href="http://192.168.59.128/@api/deki/users/5">
        <nick>Riddler</nick>
        <username>Riddler</username>
        <email>xxx</email>
        <hash.email>f561aaf6ef0bf14d4208bb46a4ccb3ad</hash.email>
        <uri.gravatar>http://www.gravatar.com/avatar/f561aaf6ef0bf14d4208bb46a4ccb3ad</uri.gravatar>
      </user>
      <date.modified>2010-01-17T02:14:49Z</date.modified>
      <user.modifiedby id="1" href="http://192.168.59.128/@api/deki/users/1">
        <nick>Admin</nick>
        <username>Admin</username>
        <email>admin@admin.com</email>
        <hash.email>64e1b8d34f425d19e1ee2ea7236d3028</hash.email>
        <uri.gravatar>http://www.gravatar.com/avatar/64e1b8d34f425d19e1ee2ea7236d3028</uri.gravatar>
      </user.modifiedby>
    </grant>
    <grant>
      <permissions>
        <operations mask="15">LOGIN,BROWSE,READ,SUBSCRIBE</operations>
        <role id="3" href="http://192.168.59.128/@api/deki/site/roles/3">Viewer</role>
      </permissions>
      <user id="6" href="http://192.168.59.128/@api/deki/users/6">
        <nick>Joker</nick>
        <username>Joker</username>
        <email>xxx</email>
        <hash.email>f561aaf6ef0bf14d4208bb46a4ccb3ad</hash.email>
        <uri.gravatar>http://www.gravatar.com/avatar/f561aaf6ef0bf14d4208bb46a4ccb3ad</uri.gravatar>
      </user>
      <date.modified>2010-01-17T02:14:49Z</date.modified>
      <user.modifiedby id="1" href="http://192.168.59.128/@api/deki/users/1">
        <nick>Admin</nick>
        <username>Admin</username>
        <email>admin@admin.com</email>
        <hash.email>64e1b8d34f425d19e1ee2ea7236d3028</hash.email>
        <uri.gravatar>http://www.gravatar.com/avatar/64e1b8d34f425d19e1ee2ea7236d3028</uri.gravatar>
      </user.modifiedby>
    </grant>
  </grants>
</security>