Table of Contents

NAME

Kernel::WebApp::Controller::API::Role::RequiresCustomerITSMConfigItemPermission – Require permission for the current itsm config item(s).

PUBLIC INTERFACE

Just consume this role to make sure that your endpoint can only be used by customers with permission for the current itsm config item(s) (see further below for which permission and which itsm config items):

    with qw(
        Kernel::WebApp::Controller::API::Role::Customer::RequiresCustomerITSMConfigItemPermission
    )

It works by wrapping a default implementation around Kernel::WebApp::Controller::API::Base::Authorize(), which requires itsm config item permission or otherwise sends a 403 Forbidden response.

You can still provide your own Authorize() method to perform additional checks in the endpoint.

ITSMConfigItemCustomerPermissionConfigItemIDs()

this method provides the ConfigItemIDs to be used for the permission check. The default implementation will fetch it from the :ConfigItem param value.

You can override the default implementation of this attribute to specify a different source for the ConfigItems to test – it is possible to specify multiple, and all of them must have proper permission.

    sub ITSMConfigItemCustomerPermissionConfigItemIDs {
        # provide custom implementation that returns an C<ArrayRef> of C<ConfigItemID>s.
        my $Self = shift;
        return [ $Self->stash('ConfigItem1'), $Self->stash('ConfigItem2') ];
    };

Facebook X LinkedIn