Is there a way to filter expenses by (the current) user url/id? I’m looking
into multiple user support for my app, but the API only seems capable of
returning an “all or nothing” response for expenses.
This is fine for super-users (permission level 8) who can see everything
anyway, but if the current user is an employee at a lower permission (e.g.
level 3), then I would only want to retrieve their personal out-of-pocket
expenses. This would mirror what happens on the FA website: an employee at
permission level 3 can see only their own expenses. The filter is provided
by a nested URL, e.g https://…/user/284/expenses.
I couldn’t see a way of doing this other than manually filtering through
the JSON response in code (which is far from ideal, and potentially
insecure). If not yet available, could you let me know if it’s planned in
an API update?
Expenses are a bit different from the rest of the resources returned by the
API. While the rest of the resources are returned for the user linked to
the token like Harry said, expenses are returned based on your permission
level. Any user with at least the “My Money” level will get all the
expenses present on the company. I’m afraid that for now you will have to
manually filter them from the response.
I realise this is inconsistent with how the app behaves, and that we should
offer a better way of filtering these. I’ll keep you informed if and when
we add expense filtering to the API.
Best regards,
IoanOn Tuesday, 23 April 2013 11:45:40 UTC+1, Chris Blunt wrote:
Hi Harry,
Back working on expenses, and looking at the results I’m getting, it seems
the API is not filtering expenses by the current user.
I have two users setup in my account: myself as admin user, and “Joe
Employee” with a permission level of “Contracts and Projects” (level 3?).
As myself, I’ve posted a few expenses which I can see. When I login to
Freeagent as Joe, I can’t see these expenses (I can only see Expenses
filtered by my name).
However, if I authenticate with the API as Joe, and then perform a
“/expenses” API call, I get a response containing all the expenses in the
account - not just those I can see.
I’ve verified this in the Google oAuth sandbox (Screenshots attached)
On Monday, 15 April 2013 17:32:50 UTC+1, Harry wrote:
Hi Chris,
The API returns all items of a resource that the current user (as
identified by their access token) can see. If you want to support multiple
users you can store an access token for each user so they can see the same
items as they would get through the web interface.
I hope this helps.
Regards,
Harry Mills
On Mon, Apr 15, 2013 at 3:56 PM, Chris Blunt cbl...@gmail.com wrote:
Is there a way to filter expenses by (the current) user url/id? I’m
looking into multiple user support for my app, but the API only seems
capable of returning an “all or nothing” response for expenses.
This is fine for super-users (permission level 8) who can see everything
anyway, but if the current user is an employee at a lower permission (e.g.
level 3), then I would only want to retrieve their personal out-of-pocket
expenses. This would mirror what happens on the FA website: an employee at
permission level 3 can see only their own expenses. The filter is provided
by a nested URL, e.g https://…/user/284/expenses.
I couldn’t see a way of doing this other than manually filtering through
the JSON response in code (which is far from ideal, and potentially
insecure). If not yet available, could you let me know if it’s planned in
an API update?
The API returns all items of a resource that the current user (as
identified by their access token) can see. If you want to support multiple
users you can store an access token for each user so they can see the same
items as they would get through the web interface.
I hope this helps.
Regards,
Harry Mills
On Mon, Apr 15, 2013 at 3:56 PM, Chris Blunt cbl2001@gmail.com wrote:
Is there a way to filter expenses by (the current) user url/id? I’m
looking into multiple user support for my app, but the API only seems
capable of returning an “all or nothing” response for expenses.
This is fine for super-users (permission level 8) who can see everything
anyway, but if the current user is an employee at a lower permission (e.g.
level 3), then I would only want to retrieve their personal out-of-pocket
expenses. This would mirror what happens on the FA website: an employee at
permission level 3 can see only their own expenses. The filter is provided
by a nested URL, e.g https://…/user/284/expenses.
I couldn’t see a way of doing this other than manually filtering through
the JSON response in code (which is far from ideal, and potentially
insecure). If not yet available, could you let me know if it’s planned in
an API update?
The API returns all items of a resource that the current user (as
identified by their access token) can see. If you want to support multiple
users you can store an access token for each user so they can see the same
items as they would get through the web interface.
I hope this helps.
Regards,
Harry MillsOn Mon, Apr 15, 2013 at 3:56 PM, Chris Blunt cbl2001@gmail.com wrote:
Is there a way to filter expenses by (the current) user url/id? I’m
looking into multiple user support for my app, but the API only seems
capable of returning an “all or nothing” response for expenses.
This is fine for super-users (permission level 8) who can see everything
anyway, but if the current user is an employee at a lower permission (e.g.
level 3), then I would only want to retrieve their personal out-of-pocket
expenses. This would mirror what happens on the FA website: an employee at
permission level 3 can see only their own expenses. The filter is provided
by a nested URL, e.g https://…/user/284/expenses.
I couldn’t see a way of doing this other than manually filtering through
the JSON response in code (which is far from ideal, and potentially
insecure). If not yet available, could you let me know if it’s planned in
an API update?
Back working on expenses, and looking at the results I’m getting, it seems
the API is not filtering expenses by the current user.
I have two users setup in my account: myself as admin user, and “Joe
Employee” with a permission level of “Contracts and Projects” (level 3?).
As myself, I’ve posted a few expenses which I can see. When I login to
Freeagent as Joe, I can’t see these expenses (I can only see Expenses
filtered by my name).
However, if I authenticate with the API as Joe, and then perform a
“/expenses” API call, I get a response containing all the expenses in the
account - not just those I can see.
I’ve verified this in the Google oAuth sandbox (Screenshots attached)
The API returns all items of a resource that the current user (as
identified by their access token) can see. If you want to support multiple
users you can store an access token for each user so they can see the same
items as they would get through the web interface.
I hope this helps.
Regards,
Harry Mills
On Mon, Apr 15, 2013 at 3:56 PM, Chris Blunt <cbl...@gmail.com<javascript:> wrote:
Is there a way to filter expenses by (the current) user url/id? I’m
looking into multiple user support for my app, but the API only seems
capable of returning an “all or nothing” response for expenses.
This is fine for super-users (permission level 8) who can see everything
anyway, but if the current user is an employee at a lower permission (e.g.
level 3), then I would only want to retrieve their personal out-of-pocket
expenses. This would mirror what happens on the FA website: an employee at
permission level 3 can see only their own expenses. The filter is provided
by a nested URL, e.g https://…/user/284/expenses.
I couldn’t see a way of doing this other than manually filtering through
the JSON response in code (which is far from ideal, and potentially
insecure). If not yet available, could you let me know if it’s planned in
an API update?
