Hi Harry,
Back working on expenses, and looking at the results I’m getting, it seems
the API is not filtering expenses by the current user.
I have two users set up in my account: myself as admin user, and “Joe
Employee” with a permission level of “Contracts and Projects” (level 3?).
As myself, I’ve posted a few expenses which I can see. When I log in to
FreeAgent as Joe, I can’t see these expenses (I can only see Expenses
filtered by my name).
However, if I authenticate with the API as Joe, and then perform a
“/expenses” API call, I get a response containing all the expenses in the
account - not just those I can see.
I’ve verified this in the Google OAuth sandbox (screenshots attached):
https://lh6.googleusercontent.com/-7KBkXmJ3sTw/UXZmEWIK-qI/AAAAAAAATMI/6Gqkn7y0NxQ/s1600/Screen+Shot+2013-04-23+at+11.43.05.png
https://lh5.googleusercontent.com/-J4CXfADAzU0/UXZmGhv0vfI/AAAAAAAATMQ/_RiuvZN8FjQ/s1600/Screen+Shot+2013-04-23+at+11.43.20.png
https://lh4.googleusercontent.com/-sDYPKFsGv5w/UXZmKOSZAaI/AAAAAAAATMY/n9lHLTXyx6Q/s1600/Screen+Shot+2013-04-23+at+11.43.33.png
Appreciate any advice you can give on this. Is there anything else I need
to supply to the API to filter expenses?
Thanks!
Chris
http://plymouthsoftware.com
http://twitter.com/plymsoftware

On Monday, 15 April 2013 17:32:50 UTC+1, Harry wrote:
Hi Chris,
The API returns all items of a resource that the current user (as
identified by their access token) can see. If you want to support multiple
users you can store an access token for each user so they can see the same
items as they would get through the web interface.
I hope this helps.
Regards,
Harry Mills
On Mon, Apr 15, 2013 at 3:56 PM, Chris Blunt <cbl...@gmail.com> wrote:
Following up my other post (
https://groups.google.com/d/msg/freeagent_api/PvhEzuFQbik/SiJMTTktRR8J)…
Is there a way to filter expenses by (the current) user url/id? I’m
looking into multiple user support for my app, but the API only seems
capable of returning an “all or nothing” response for expenses.
This is fine for super-users (permission level 8) who can see everything
anyway, but if the current user is an employee at a lower permission (e.g.
level 3), then I would only want to retrieve their personal out-of-pocket
expenses. This would mirror what happens on the FA website: an employee at
permission level 3 can see only their own expenses. The filter is provided
by a nested URL, e.g. https://…/user/284/expenses.
I couldn’t see a way of doing this other than manually filtering through
the JSON response in code (which is far from ideal, and potentially
insecure). If not yet available, could you let me know if it’s planned in
an API update?
Thanks,
Chris
http://plymouthsoftware.com
http://twitter.com/plymsoftware
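
The manual filtering of the JSON response mentioned in the original message, written to fail closed, as an added example that is not part of the thread or FreeAgent's own code. The `user` field holding the owner's URL, the host `api.example.test` and all sample values are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample shaped like an "/expenses" response; the "user" field
# holding the owner's URL is an assumption, as are all values below.
SAMPLE_RESPONSE = {
    "expenses": [
        {"url": "https://api.example.test/v2/expenses/1",
         "user": "https://api.example.test/v2/users/284", "gross_value": "-12.50"},
        {"url": "https://api.example.test/v2/expenses/2",
         "user": "https://api.example.test/v2/users/1", "gross_value": "-99.00"},
        {"url": "https://api.example.test/v2/expenses/3",
         "user": "https://api.example.test/v2/users/2840", "gross_value": "-5.00"},
        {"url": "https://api.example.test/v2/expenses/4", "gross_value": "-7.00"},
    ]
}


def _canonical(url):
    """Return (scheme, host, path) for exact comparison, or None if unusable."""
    if not isinstance(url, str):
        return None
    parts = urlsplit(url.strip())
    if not parts.scheme or not parts.netloc:
        return None
    return (parts.scheme.lower(), parts.netloc.lower(), parts.path.rstrip("/"))


def filter_for_user(response, current_user_url, sees_all=False):
    """Split expenses into those owned by the current user and the rest.

    Fails closed: a record whose owner is missing or unparseable is withheld,
    and ids are compared whole, so user 284 never matches user 2840.
    Returns (visible, withheld).
    """
    expenses = response.get("expenses", [])
    if sees_all:  # e.g. the permission level 8 super-user case
        return list(expenses), []
    me = _canonical(current_user_url)
    if me is None:
        raise ValueError("current user URL is required for restricted users")
    visible, withheld = [], []
    for expense in expenses:
        owner = _canonical(expense.get("user"))
        (visible if owner == me else withheld).append(expense)
    return visible, withheld
```

Because the token has already received every record, this only narrows what the app displays. A non-empty `withheld` list for a restricted user is worth logging as a sign that the response contained more than that user's own expenses.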