Found this content helpful? Log in or sign up to leave a like!

Using the "List account admins" endpoint with a custom admin role

Jump to solution
akshya
Community Explorer
‎07-21-2021 12:24 PM

Hi There,

I am a developer for an application which utilizes Canvas' REST APIs to get data related to users, user roles, course enrollments, etc. 

The focus of this post is to try and see if one of the available endpoints to detect admin roles would work with custom admin roles. Here is the scenario:

I use the "List account admins" endpoint (https://canvas.instructure.com/doc/api/admins.html#method.admins.index) to detect whether a given user has an admin role. I pass a user_id into the user_id[] parameter. Here is a sample GET request that the application makes:

GET api/v1/accounts/self/admins?user_id[]=462

The user 462 is set up as a custom admin role in this account. It is not using the standard "Account Admin" role, but it is using a custom admin role with a mostly matching set of privileges to AccountAdmin. However, making a GET request to the admins endpoint in this user's context produces a response with status 401 and the following message:

{"status":"unauthorized","errors":[{"message":"user not authorized to perform that action"}]}

The Canvas API documentation doesn't explicitly state exactly what privilege or authorization level is needed to make this request.

- How can we can adjust our custom Admin role so that it is authorized to make a valid request to the admin endpoint?

- Can custom admin roles be detected using any other endpoints? I was unable to find any in the API documentation

Labels (3)
Labels
0 Likes
1 Solution

Jump to solution
James
Community Champion
‎07-21-2021 01:27 PM

@akshya 

Looking at the source code for the admins_controller.rb index function, the first line says that they must have manage_account_memberships permission. That doesn't help until you know what it does. I found that string in the role_overrides_controller.rb file, where it says that permission is the one needed to add or remove other admins.

That means that you would need to give the "Admins - add / remove" permission in order to use that API call. 

By the way, you can find the source code by clicking on the gray link next to the heading from the API documentation. In this case, it says AdminsController#index. The AdminsController is the name of controller and the fragment #index tells you that you are looking for the index function. Once you click on that, it will open up the source code and then use the browser's find (Ctrl+F) to look for "def index"

View solution in original post