ACL: Retrieve the Access granted on a given document

[michaelkroll]

Regarding ACL I can see the following methods on iOS to deal with Access controle:

• (void) grantAccessToRole:(NSString *)roleName ofType:(NSString *)accessType completion:(BAAObjectResultBlock)completionBlock;
• (void) grantAccessToUser:(NSString *)username ofType:(NSString *)accessType completion:(BAAObjectResultBlock)completionBlock;
• (void) revokeAccessToRole:(NSString *)roleName ofType:(NSString *)accessType completion:(BAAObjectResultBlock)completionBlock;
• (void) revokeAccessToUser:(NSString *)username ofType:(NSString *)accessType completion:(BAAObjectResultBlock)completionBlock;

How do I query the type of access granted to a document?
I need to check on a document if this is already shared with the friends of a user or now.

[michaelkroll]

Do I need to store this on the document as a specific attribute in order to see if the document is shared or not? A hint would be very helpful to move forward with my implementation. Is this a feature that will be added to v0.9.4 or v1.0.0?

[funkyboy]

First we need to find out if this is supported in REST API.

[michaelkroll]

In the underlying DB?

[funkyboy]

For sure it's in the underlying DB:) I just don't know if it's exposed via REST. cc @giastfader

[michaelkroll]

How should an app otherwise keep track on the access to a particular object? Should I store this on the document itself?

[giastfader]

Hi,
although there is not an API to have this info, the data are stored in the db. Each record maintains its own access control list.
To know it you could call the GET document API like that:

GET /document/<collection_name>?fields=_allowRead.name as name&where=id='<document_id>'

The API will return the name of all users and roles that can read the record.

If you want to know all records within a collection:

GET /document/<collection_name>?fields=id,_allowRead.name as name

[michaelkroll]

Hi,
this looks good to me and I will try to implement this now.
Thanks
Michael