Posted by g00d
Henagon

rest api questions

hello

1. How can I change the user's access rights to a joint group via "REST API" for full access?
the documentation says that the permissions are only available read or readwrite
but from the application, I can set other users "full" rights and the read group request to REST API returns the permission of the user "Full". I think it's a mistake.
 
POST /api/v1/groups/<gID>/share_group (share group with other user(s))
Parameters
•users –List of users with whom the group will be shared.
▪ userid – User ID of one of the users you want to share the group with.
▪ permissions – Access - permissions of the user on this group. Either read or readwrite
 
I guess that who could forget to add permission "Full" to the /api/v1/groups/<gID>/share_group !
 
2. the user has the permission to read and write to the group, but this does not give him the right to move the device to another shared group from the application. Is this normal behavior?
 
Could you help me?

 
1 Reply
1 Reply
Posted by DomLan
Heptagon

Re: rest api questions

Hi @g00d

To understand the behavior defined by TeamViewer in group management it is essential to understand the general behavior of all HTTP verbs that are allowed to manage this entity by TeamViewer.

It should also be understood that the entities involved are different and have different rights to each other.
Who creates the group and in what relation it is with the other users.
Which user is added to the group.

When you log in via API you can do it with a token with user or company type rights. At the end of a creation, the group is not shared but only owned by the entity that created it: this only grants the possibility to perform the only operation that is missing from your concept of full rights: the physical cancellation.

This justifies the fact that when making a user addition operation to the group, the only available permissions are read or read/write. If you verify what is described for the REST DEL operation, you will find that the cancellation operates two distinct behaviors depending on who requests it:
- owner: physical cancellation;
- user with reading permissions: removal of sharing;
- user with read/write permissions: removal of sharing.

***** API reference

DELETE /api/v1/groups/ (delete a group)

Deletes an existing group. If the group is not owned, but only shared with the user's account it will just be unshared.

*****

Moving devices between groups: it is still a question of rights between the moveers, rights on the source group and rights on the target group.
This operation is possible only if the token used for the call belongs to an entity with read/write rights on both groups involved. In the absence of this requirement you will receive a refusal to complete the operation.

Hepe this help.

Regards

Domenico Langone
MCSD: App Builder