LifeTime UserManagementService API call: User_GetAllPermissions

LifeTime UserManagementService API call: User_GetAllPermissions

  

I was trying to use the API call mentioned in the title and ran across a strange "issue". When I make the call using myself as the username input, it returns nothing in the list, even though I am an Administrator. However, when I input a developers name who is in a Team with apps assigned, I get a list returned. 

I'm not sure how this API is meant to work, since as an Administrator I would expect to get a list of everything... I could see if I used the Team Management API that it would be limited, but since I have Change & Deploy permissions set by my default role, I don't get why the list returns empty.

Running 9.0.1.40 currently and planning migration to 9.1, has the API since been updated to resolve this or something?


Thanks

Bump

Hey Nicholas,


The User_GetAllPermissions method returns a record with the information regarding the user default role pemissions and a list of application role permissions. The list of application role permissions refers to the permissions that user has over each specific application and that you can see in Lifetime's user detail page. That is, the permissions that you explicitly granted for that specific application. The API output returns exactly what you can see in that user detail page. 


As you are testing it with the administrator, you probably don't have any specific application role permissions for that user and so the API just returns the permissions that that user has for all the applications through the base role. 


You don't get the list of all applications because the application permissions are given by the user default role as you didn't override them with a specific application role.


Let me know if this answers your question or if you need additional clarifications.


Thank you for your question!

Regards



Hi Lara,


That does answer my question, and as in line with my assumption. The issue I have is that it is a little misleading...when I login to LifeTime as an Admin I can see all apps listed, so clearly there is a call used for this. I am not sure why this API would be labeled as such since it actually doesn't really tell you if a user has permissions on an applications, but rather only manually assigned permissions based on either Team or User level grants. Basically, the way this is configured to work, if there is an environment that has 5 Apps created and no Teams; the API would return 0 for every single user... which is not true. The only way to get the API to show results "correctly" is to add every developer to a Team, and then every App to that team as well.


This seems like a needless step, and could clearly become cumbersome as the developer/app list grows...


My work around has been to create an additional call that checks for the developer's role and if that role = "Administrator" then fire off another call to the Application_List method, which is now 1) most costly and 2) gives me a completely different data Structure then GetAllPermissions AppList structure; making this a much more tedious process than I would think it should be.

Hey Nicholas,

I understand your issue and thank you for your feedback! I will add the issue to our backlog, we will evaluate and address it accordingly to its priority.


Thank you,

Regards