Developer forum

WebApi: Adding users to group

Roald Haahr

Hi

Is it possible to associate a user with a user group during creation of the user with /dwapi/users/create? And if not, can it be done in another way?

Kind regards
Roald


Replies

 
Nicolai Pedersen Dynamicweb Employee

Hi Roald

Currently not - but we could add something so it is possible. The problem is to control what groups the user is allowed to become a member of. I could potentially patch myself to whatever group - i.e. administrators or a 100% discount group if it was open. Usually this limitation is on the paragraph settings, but it is not available in this context since no paragraph exists for holding the settings.

Thoughts on that?

BR Nicolai

 
Roald Haahr

Hi Nicolai

I see the issue. One solution could be to have an option to create a list of GUIDs in the backend that, when provided in a request, would open up for more options, for example assigning a new user to a group. However, I do see that this is probably not a rock solid solution security-wise.

For our current situation that would mean that we would generate a GUID and share it with the manager of the partner system, thus granting the manager access to assign new users to a group.

I see that you can create a user with custom fields, so a possibility with the current web API is to include a custom field in the request with a certain value and then create a notification subscriber to add users to the group when they are created if they match the value in the custom field.

As I am writing this, it occurs to me that I might just be able to make a smart search group for the value in the custom field, which makes the notification subscriber redundant. For starters I will try that solution.

Kind regards
Roald

 
Mikkel Belchuke

Hi Nicolai.

We also need a solution for adding a user to a specific group.

I do see an issue security-wise, if we are able to add a user to a specific group using the open web api.

A solution could be to generate a token of some kind, as Roald suggests, in the settings area of the administration, to send with the request.
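
The token idea raised in this thread, sketched as an added example (not part of the original posts and not Dynamicweb's API): each token issued in the backend maps to an explicit allowlist of groups, and a create request that names any other group is rejected as a whole. The token value, group names and function names are hypothetical.

```python
import hashlib
import hmac
from typing import Iterable, Optional


def token_digest(token: str) -> str:
    # Store only digests, so a leaked settings table does not leak usable tokens.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


# Constructed sample data: digest of an issued token -> groups it may assign.
TOKEN_GRANTS = {
    token_digest("3f2b6c1e-9d4a-4c57-8a10-partner-demo"): frozenset({"partners"}),
}

# Groups that are never assignable through the open endpoint, even when a
# grant was misconfigured to include them.
NEVER_VIA_API = frozenset({"administrators", "discount-100"})


class GroupAssignmentDenied(Exception):
    """Raised with the sorted list of groups the caller may not assign."""


def allowed_groups(token: Optional[str]) -> frozenset:
    """Groups this token may assign; empty for a missing or unknown token."""
    if not token:
        return frozenset()
    presented = token_digest(token)
    granted = frozenset()
    for stored, groups in TOKEN_GRANTS.items():
        # Constant-time comparison against every stored digest.
        if hmac.compare_digest(stored, presented):
            granted = groups
    return granted - NEVER_VIA_API


def resolve_groups(requested: Iterable[str], token: Optional[str] = None) -> frozenset:
    """Validate the groups a create-user request asks for.

    Fails closed: one group outside the grant rejects the request instead of
    being silently dropped, so the caller cannot probe by trial and error.
    """
    wanted = frozenset(requested)
    denied = wanted - allowed_groups(token)
    if denied:
        raise GroupAssignmentDenied(sorted(denied))
    return wanted
```

The grant is scoped per token, so a GUID shared with one partner system opens only the groups listed for it and can be revoked without affecting other integrations.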

 
