Javascript API - permissions


(Steve Brown) #1

Have put in place a nice little page that updates metadata using the JS API (that API is great stuff BTW, can see myself using it a lot).


Have an issue with permissions though - I want a particular field in metadata to be updated by any staff member, ignoring any write permissions on the asset. Is this possible?



There is an "ignore permissions" option in the JS API details screen for Creating Assets but nothing for setting metadata on an asset. Am I missing something, or will I have to give write permission for the WHOLE WEBSITE to the WHOLE STAFF in order for them to be able to update this one metadata field?



Thanks,



Steve.


(Ashish Karelia) #2

[quote]
Have put in place a nice little page that updates metadata using the JS API (that API is great stuff BTW, can see myself using it a lot).



Have an issue with permissions though - I want a particular field in metadata to be updated by any staff member, ignoring any write permissions on the asset. Is this possible?



There is an "ignore permissions" option in the JS API details screen for Creating Assets but nothing for setting metadata on an asset. Am I missing something, or will I have to give write permission for the WHOLE WEBSITE to the WHOLE STAFF in order for them to be able to update this one metadata field?



Thanks,



Steve.

[/quote]



Hi Steve,



Unfortunately, 'ignore permission' works only for creating assets. For every other function the user needs to have effective permission.



Cheers


(Steve Brown) #3

Thanks Ash, although that's not good news.


Hopefully one of the "power users" out there will have a creative idea for a workaround.


(Nic Hubbard) #4

[quote]
Thanks Ash, although that's not good news.



Hopefully one of the "power users" out there will have a creative idea for a workaround.

[/quote]



Feature request. :slight_smile:


(Anthony Barnes) #5

This can be done using a trigger. You would set it up like:


  • Event: asset accessed
  • Condition: whatever you want to restrict it to (tree location, user group, url match?)
  • Action: Set metadata value


The set metadata value trigger you can configure to ignore permissions and also accept the value to set dynamically, say through the query string as a GET or POST parameter. I'd then use some ajax to set the value for the asset being accessed. A jQuery example:

    
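    // Request the asset URL; the "asset accessed" trigger sets the metadata value
    jQuery.ajax({
        type: "GET",
        url: "http://www.example.com/path/to/asset?set_metadata_value=something",
        // jQuery's callback option is "success" ("onSuccess" is never called)
        success: function() {
            // All done
        }
    });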


You can even set up the trigger to check to see if the person trying to perform the action belongs to a user group, or one of any number of conditions you can put together additively.
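
A variant of the call in post #5, added here as an example and not written by anyone in the thread: it sends the value as a POST parameter (which the post says the trigger can also read), so that merely loading or prefetching the asset URL does not change metadata, and it URL-encodes the value. The parameter name comes from the snippet above; `ALLOWED_VALUES`, `buildMetadataRequest` and `setMetadataValue` are hypothetical names, and the sample values are constructed.

```javascript
// Added example: every name except set_metadata_value is hypothetical.
const PARAM = "set_metadata_value"; // parameter name from the snippet above
const ALLOWED_VALUES = ["draft", "reviewed", "approved"]; // constructed sample values

// Describe a same-origin POST to the asset URL that fires the trigger.
function buildMetadataRequest(assetUrl, value, pageOrigin) {
  const target = new URL(assetUrl, pageOrigin);
  // Refuse to send session cookies and the value to another site.
  if (target.origin !== new URL(pageOrigin).origin) {
    throw new Error("asset URL must be on the same origin as the page");
  }
  // Only send values the page is meant to offer.
  if (!ALLOWED_VALUES.includes(value)) {
    throw new Error("value not in allow-list: " + value);
  }
  // Drop any copy of the parameter from the query string so the value
  // travels only in the request body.
  target.searchParams.delete(PARAM);
  const body = new URLSearchParams();
  body.set(PARAM, value); // URLSearchParams handles the encoding
  return {
    url: target.toString(),
    options: {
      method: "POST",
      credentials: "same-origin",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: body.toString(),
    },
  };
}

// Send the request from the browser; resolves to true on a 2xx response.
async function setMetadataValue(assetUrl, value) {
  const req = buildMetadataRequest(assetUrl, value, window.location.origin);
  const res = await fetch(req.url, req.options);
  return res.ok;
}
```

The allow-list only keeps the page from sending unexpected values. Because the action ignores permissions, who may change the field is still decided by the trigger's conditions, such as the user group check mentioned above.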