Include user rights in REST API endpoint for pages
Last modified by Pierre Jeanjean on 2026/03/23 17:05
Description
Requirements
- When a user fetches a page through the REST API, include its rights so that a UI displaying the page's content can enable/disable features accordingly
- Make it optional
Definition
Endpoints
These are existing endpoints, where the only change is the addition of a query parameter to add this feature (in bold).
/wikis/{wikiName}/spaces/{spaceName}[/spaces/{nestedSpaceName}]*/pages/{pageName}[?prettyNames={true,false}&objects={true,false}&class={true,false}&attachments={true,false}&minorRevision={true,false}[&checkRight={rightName}]*]
- HTTP Method: GET
- Media types:
- application/xml (Page element)
- Query parameters
- prettyNames: also return the pretty name for various document information (like the author display name, etc). Disabled by default.
- objects: [since 7.3M1] also return the objects. Disabled by default.
- class: [since 7.3M1] also return the class. Disabled by default.
- attachments: [since 7.3M1] also return the attachments metadatas. Disabled by default.
- checkRight: also return whether the user has the right {rightName} on the page. Multiple checks can be requested. Empty by default.
- Description:
- Status codes:
- 200: If the request was successful.
- 401: If the user is not authorized.
- Media types:
Examples
A user with comment rights and without edit rights on the page xwiki:Main.WebHome fetches it with:
GET /wikis/xwiki/spaces/Main/pages/WebHome?checkRight=comment&checkRight=editThe returned resource would include the following:
<right name="comment">true</right>
<right name="edit">false</right>
Pierre Jeanjean