Top Menu

Jump to content
    Global modules

    Global modules

    • Home
    • Projects
    • Activity
    • Work packages
    • Gantt charts
    • Calendars
    • Team planners
    • Boards
    • News
    Home
    Home
Help
    Getting started
    • Introduction video
  • Help and support
    • Upgrade to Enterprise edition
    • User guides
    • Videos
    • Shortcuts
    • Community forum
    • Enterprise support
  • Additional resources
    • Data privacy and security policy
    • Digital accessibility (DE)
    • OpenProject website
    • Security alerts / Newsletter
    • OpenProject blog
    • Release notes
    • Report a bug
    • Development roadmap
    • Add and edit translations
    • API documentation

User menu

Sign in
Forgot your password?

or sign in with your existing account

OpenProject ID Google

Side Menu

Collapse project menu
  • Overview
  • Activity
    Activity
  • Roadmap
  • Work packages
    Work packages
  • Gantt charts
    Gantt charts
  • Calendars
    Calendars
  • Team planners
    Team planners
  • Boards
    Boards
  • News
  • Forums

Content

Expand project menu
General discussion
  1. OpenProject Community
  2. OpenProject
  3. Forums
  4. General discussion
  5. Documentation mistake on /api/v3/users

Documentation mistake on /api/v3/users

Added by Duy Lê Quang 2 days ago

In the document for Users API: https://www.openproject.org/docs/api/endpoints/users/, it said that user with manage_members or share_work_package permission can access the endpoint when it is not the case.

The user with manage_members or share_work_package can access /api/v3/principals, but getting /api/v3/users will face 403


Replies (3)

RE: Documentation mistake on /api/v3/users - Added by Alexander Stock 1 day ago

Hello Duy,

the /users endpoint docu mentions the general Administrator or the global permission to manage users (create users, edit users). Could you point me to the part where the share_work_package permissions is mentioned? I would like to investigate this further and eventually adjust the documentation. 

Best

Alexander

RE: Documentation mistake on /api/v3/users - Added by Duy Lê Quang 1 day ago

This is the part where it said that normal users who are not admin can call list users with manager user and share work packages permission.

RE: Documentation mistake on /api/v3/users - Added by Alexander Stock about 20 hours ago

Hello Duy,

thank you for pointing this out! Indeed, a user with solely manage_members and/or share_work_package permission will receive an error 403.
Accessing such user data is an admin level topic as described in this endpoints description above. That is why it only works with admin permissions or global admin-like permissions. I reckon this example description needs to be updated and will connect with the team regarding this.

Best

Alexander

  • (1 - 3/3)
Loading...