Record permission with get records api

H_Nar · June 12, 2024, 8:18am

I have set up the app so that I can only see my own records by allowing only "create by" permission in the record list.
One problem is that there is a javascript code that gets the entire list through the get records API, but the result only shows my own records.

Permission to allow my own records.
Retrieve all records through the API.
Is there a way to do this?

Chris · June 12, 2024, 3:46pm

Hello @H_Nar

If you're trying to retrieve all records created by the logged-in user, you should use the query string. The script would look something like this:

(function() {
    'use strict';

    // Function to fetch records created by the logged-in user
    function fetchRecordsCreatedByUser(appId, userCode) {
        // Construct the query to fetch records where the creator is the logged-in user
        const query = `CreatedBy in ("${userCode}")`; // Replace CreatedBy with your actual Created By field code
        const params = {
            app: appId,
            query: query,
            fields: ['CreatedBy', 'Text'] // Replace with your actual field codes
        };

        // Make the API call to fetch records
        return kintone.api(kintone.api.url('/k/v1/records.json', true), 'GET', params)
            .then(response => {
                return response.records;
            })
            .catch(error => {
                console.error('API call failed:', error);
                throw error;
            });
    }

    // Execute the function when running the script in the console
    const appId = kintone.app.getId();
    const userCode = kintone.getLoginUser().code;

    fetchRecordsCreatedByUser(appId, userCode).then(records => {
        console.log('Records created by the logged-in user:', records);
    });

})();

Chris · June 12, 2024, 11:49pm

Hello @H_Nar

After re-reading your message several times, I realize I may have misunderstood your initial concern and did not provide an appropriate answer.

My current understanding is that you have an app with permissions set up so that you can only see records you created yourself. Your problem is that the Get Records API only allows you to obtain records you have permission to access, but you would like to retrieve all records regardless of the permissions. Please correct me if I am wrong.

If this is the case, using API tokens would be a solution to retrieve all records regardless of the permissions. However, please note that if you use the API token in the same app, the token can be visible via the console. This means that users who try to obtain the token can see all data, even if they do not have the appropriate permissions. Therefore, it would be best to place the script in another app and set permissions on that app so that only certain users can access it.

H_Nar · June 13, 2024, 1:19am

Hello, @Chris
Your understanding is correct.
Thank you for your advice.

Topic		Replies	Views
Getting the previous record within the same App	1	281	May 15, 2020
Search by Record # -OR- Duplicate Record # in Text Field	2	246	December 28, 2017
How to get a Record ID from a Lookup field? lookup-field , record-id , record-number-field	8	371	October 12, 2022
Way to retrieve numbers from Related Records table for other calculations?	1	181	September 21, 2016
Get Records with a query condition of "like" not returning all available results in the response	3	209	February 19, 2018

Record permission with get records api

Related Topics