How can i set page restrictions (read, update) with Confluence Server REST API v6.3+ ?

Vincent Blain December 22, 2017

Hi.

I previously use the deprecated method with a SOAP client to get, or add, or remove page restrictions for given groups or users. Everything seems normal until i get a risky behaviour when i add a page restrictions with a more complex vector permission, that combines both groups and users. Like this :

var vectorPermission = {
"permission_1": {
"type": "View",
"groupName": "group1",
"userName": null
},
"permission_2": {
"type": "View",
"groupName": "group2",
"userName": null
},
"permission_3": {
"type": "View",
"groupName": null,
"userName": "user1"
}
};

So i choose to give up this method and use REST API approach, but i can't find a method to add, update or remove page restrictions with Confluence Server REST API. The method seems to be only exists with Confluence Cloud REST API (https://developer.atlassian.com/cloud/confluence/rest/#api-content-id-restriction-post)

And the "experimental API" approach doesn't work in Confluence 6.3+

PUT https://confluence/rest/experimental/content/<id>/restriction/byOperation/read/user?userName=billgates

 If you have an idea, tank you in advance,

3 answers

1 vote
Hasnae
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 28, 2017

From what I see, this feature is unfortunately not supported yet on Confluence Server.

We only support GET and PUT for /content/<id>/restriction/byOperation/<operationKey>/user

In this case PUT will update (and replace the restrictions, which is not your use case)

The experimental api does have a POST method applied to the following resource

/content/<id>/restriction and the payload is similar to what the GET method would return

* Accepts same input format as the response of GET to the same resource would return.
* <p>
* E.g.
* <div class="exampleRequests">
* <p>Example request (simplified)</p>
* <pre>{@code
* [
* {
* "operation": "update",
* "restrictions":
* {
* "user": [
* {
* "type": "known",
* "username": "admin"
* }
* ]
* }
* }
* ]
* }</pre>

To use with care, as it may change once it is promoted out of experimental.

Hope this helps 

gurgen2727 April 25, 2018

Hi

 

is there a way now  ? I need this , please help me ? 

I need to remove all user permissions per page and only add permissions for specific users ? how to do that using REST API  ?

Bill October 10, 2018

+1 for this question

 

The endpoint mentioned in the comment from @viqueen doesn't even exist in the API.

(/content/<id>/restriction/byOperation/<operationKey>/user)

 

/rest/api/content/123456789/restriction/byOperation/read/user

With a PUT, I get a 404 on this endpoint.

{
'read' :{
'operation': 'read',
'restrictions': {
'user': [
{
'type': 'known',
'username': 'johndoe'
}
]
}
}
}

How are we supposed to restrict page read access to a specific user in an automated way?

fwoon May 28, 2019

Since atlassian team cant be bothered to reply....let me do their job for them

url = 'https://your-confluence.com/rest/experimental/content/{id}/restriction'
headers = { "Accept": "application/json", "Content-Type": "application/json" }
payload = json.dumps( [
{
"operation": "update",
"restrictions": {
"user": [
{ "type": "known",
"username": "<string>",
"userKey": "<string>",
"accountId": "<string>"
}],
"group": [
{
"type": "<string>",
"name": "<string>",
}]
}
}
] )

r = requests.put( url, verify=False, data=payload, headers=headers, auth=(username, passwd) )

 Take a look at https://developer.atlassian.com/cloud/confluence/rest/#api-content-id-restriction-put for reference...try to do a get permission on the page first to understand what kinda operation there is...do not use administer as the operation...that's for cloud

Like # people like this
Seiji Fujii
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
August 21, 2019

This is for confluence cloud yes? I think the og answer asked for a server solution, by any means does this work for server as well as cloud?

 

EDIT: just tested it with "experimental" , works like a charm.

Like Ritika Saini likes this
Stan Ry
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
December 15, 2020

@fwoon Thanks a ton for this sample! Could you please elaborate on how did you manage to get a clue on what should be the proper format of payload?

Why does the JSON look like:

[
{
"operation": "update",
"restrictions": {
"user": [
{ "type": "known",
"username": "<string>",
"userKey": "<string>",
"accountId": "<string>"
}],
"group": [
{
"type": "<string>",
"name": "<string>",
}]
}
}
]

How'd you managed to figure out the proper format?

Edit: Figured. You've got the valid format from the output of /rest/experimental/content/{id}/restriction

Thank you.

Stan Ry
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
December 15, 2020

Does anyone have a clue on using /rest/access/1/page/restriction/{pageId}/grant/{type:view|edit} API? This API also requires payload, but I can't figure out what should be put in payload...

Matt Keenan April 28, 2021

Where did you find out about this entry point ? Is it on Cloud or Server ?

zorruch
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
April 16, 2024

example of using the experimental method:

$ cat test23_2.json | jq .
[
{
"operation": "read",
"restrictions": {
"group": [
{
"type": "group",
"name": "{group_name}"
}
],
"user": [
{
"type": "known",
"username": "{user}"
}
]
}
}
]


bash:
cat test23_2.json | curl -u {user}:{password} -H "Content-Type: application/json" --data-binary @- -XPOST http://localhost/rest/experimental/content/{id}/restriction


tested on 8.5.6 (datacenter) version

0 votes
Mohamed Adel
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 2, 2021

I recommend to use Power Scripts for Confluence  , it allows you to create and configure webhooks which you can use to extend the confluence api functionality , 

 

I created a new webhook which which utilize there built-in function : 

removeUserFromContentPermission 

0 votes
Najjar _Innovura_
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
July 14, 2020

Holla

We launched a new app that allows you to create pages from templates and store the page under a location based on project or customfield value through Jira Workflow post-function and store the Confluence page in a Jira customfield to apply more actions like:

Workflow postfuntions

  • Update page permissions
  • Update page content
  • Update page title

Workflow conditions

  • Check if page was modified after a certain status transition
  • Check if page still has a placeholder

And so much more.

Please give it a try, I believe it would streamline alot of repeated effort on your team

Jira Confluence Workflow Extensions (JCWE) 

Give it a try I am confident you'll love it.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events