Third Light Developer Exchange

Code and templating community forum for developers and software integrators

You are not logged in.

Announcement

If you wish to join the Developer Exchange, please contact your account manager - this is to avoid unnecessary spam in the forums. Many thanks for your understanding.

Pages: 1

#1 2021-04-28 16:06:39

mtaylor
Member
Registered: 2021-04-26
Posts: 4

Download Permissions

The ability to download assets (/files/{ID}/directurl) seems to be dependant on whether the API key corresponding to the user has "Share Link" permissions to the space in which the asset resides.

Is it possible to detect whether the API key we use has "Download" permissions when trying to fetch an asset to prevent users from getting access to assets they would not normally be able to in Chorus?

In a nutshell, how do we find out if a user could normally download a file or not in Chorus?

Offline

#2 2021-04-28 16:50:03

dominic
Third Light Staff
Registered: 2013-06-06
Posts: 119

Re: Download Permissions

Hi,

/rest/v1/files/{fileId}/temporaryDirectUrl does a "Download" rather than "Share as Link" permission check - the notable difference in behaviour is that this link is only valid for a limited period of time.

If you need more detail, Permissions.GetRights in the internal API returns which permissions the caller has on a file/folder.

(Generally, we would consider that "Share as Link" is a higher level permission than "Download", and that it would not normally make sense to configure a user to be able to publish but not directly download files.)

Dominic

Offline

Pages: 1

Board footer