Carbonio SOAP API Reference 24.9.5_ZEXTRAS

Service: zimbraMail

Command: CheckPermission
Namespace: urn:zimbraMail
Description: Check if the authed user has the specified right(s) on a target.
If the specified target cannot be found:

if by is "id", throw NO_SUCH_ACCOUNT/NO_SUCH_CALENDAR_RESOURCE
if by is "name", return the default permission for the right.

e.g. With user1's auth token, the following checks if user1 can invite user2 and view user2's free/busy.

     <CheckPermissionRequest>
       <target type="account" by="name">user2@test.com</target>
       <right>invite</right>
       <right>viewFreeBusy</right>
     </CheckPermissionRequest>

     <CheckPermissionResponse allow="{1|0}">
       <right allow="{1|0}">invite</right>
       <right allow="{1|0}">viewFreeBusy</right>
     </CheckPermissionResponse>

Properties:

Authorization token required	true
Admin Authorization token required	false
Deprecation information	Note: to be deprecated in Zimbra 9. Use zimbraAccount CheckRights instead.

    <CheckPermissionRequest> ## CheckPermissionRequest
        <target
                    type="{target-type} (account | calresource | cos | dl | group | domain | server | xmppcomponent | zimlet | config | global)"
                    by="{target-selector-by} (adminName | appAdminName | id | foreignPrincipal | name | krb5Principal)">{value}</target> ## TargetSpec
        (<right>{rights} (String)</right>)*
    </CheckPermissionRequest>

elements and attributes you can define within a <CheckPermissionRequest> element:

XPath	Required / Optional	Description
/target	Optional (0 or 1)	Type: {value} Target specification Description for element text content:The key used to identify the target. Meaning determined by {target-selector-by}
/target@type	Required (only 1)	Type: account \| calresource \| cos \| dl \| group \| domain \| server \| xmppcomponent \| zimlet \| config \| global Target type
/target@by	Required (only 1)	Type: adminName \| appAdminName \| id \| foreignPrincipal \| name \| krb5Principal Select the meaning of {target-selector-key}
/right	Optional (0 or more)	Type: {rights} (String) Rights to check

CheckPermissionResponse

    <CheckPermissionResponse allow="{has-right-to-all} (0|1)"> ## CheckPermissionResponse
        (<right allow="{has-right-on-target} (0|1)">{rightName}</right> ## RightPermission)*
    </CheckPermissionResponse>

elements and attributes you can define within a <CheckPermissionResponse> element:

XPath	Required / Optional	Description
@allow	Required (only 1)	Type: 0\|1 Set if the authed user has ALL the rights for each <right> element. i.e. It is the AND result of each individual result
/right	Optional (0 or more)	Type: {rightName} Individual right information Description for element text content:Right name
/right@allow	Required (only 1)	Type: 0\|1 If set then the authed user has the right {right-name} on the target.