Is the API void of permissions/roles?

[a-ok]

If I set the admin user in the backend to not have rights to create pages for a certain parent/child tree... can the API still publish/create? Is the API void of permissions/roles?

[louisstephens]

From what I understand, you could create/publish pages regardless of roles/permissions. However, if you were to wrap the page creation in an if statement like :

if($user->hasPermission('permission-name', $page)) {
  // user has this permission, for this $page
}

then that person with the permission could perform whatever action you created.
 

[kixe]

4 hours ago, a-ok said:

Is the API void of permissions/roles?

it depends!
 

// ADD PAGE
// adding a page via API can be triggered by the guest user even if he has not the permission to add children under a specific parent (12464)
if ($user->isGuest()) $pages->add('contribution', 12464); // works

// VIEW PAGE or FIELD VALUE
// if guest user has not the view permission it depends on outputformatting
if ($user->isGuest()) var_dump($pages->get(12985)->title); // "I am the Page Title"
if ($user->isGuest()) var_dump($pages->get(12985)->of(true)->title); // NULL

// MODULES
// Call of a Module via API. User has not the permission to use the module
if ($user->isGuest()) $modules->get('MyModule')->execute(); // Fatal error: Exception: You do not have permission to execute this module (if debug mode is on/ 500 otherwise)
if ($user->isGuest()) $modules->getModule('MyModule', array('noPermissionCheck' => true))->execute(); // works!

 

[a-ok]

Thanks all. So if I don't set a check then it'll void of any permissions? Great.