REST attributes allow specifying additional filters for different types of users. Attributes allow limiting user access more precisely.
REST Attributes Structure
The REST attributes tree includes the following elements (as subnodes):
- Name of the resource
- Read permissions (includes all elements available for the current resource)
- Write permissions (includes all elements available for the current resource)
The Resources tree may be too immense. To avoid scrolling down when searching for the required resource, you can fold the nodes for better representation.
Managing Attributes for Guest
- On the Magento Admin Panel menu, select System > Web Services > REST - Attributes.
- The REST Attributes page opens. From the list of user types, select the Guest type and click it.
- The page for editing attribute rules opens.
- In the User Type Resources panel, in the Resource Access drop-down list, select whether all or some specific resources will be limited to a Guest type of user by selecting the corresponding All or Custom options.
- If you select the Custom option, the resources tree appears.
- Select the required options and click Save in the top right corner to apply changes.
Managing Attributes for Customer
- On the Magento Admin Panel menu, select System > Web Services > REST - Attributes.
- The REST Attributes page opens. From the list of user types, select the Customer type and click it.
- The page for editing attribute rules opens.
- In the User Type Resources panel, in the Resource Access drop-down list, select whether all or some specific resources will be limited to a Customer type of user by selecting the corresponding All or Custom options.
- If you select the Custom option, the resources tree appears. Some resources have options for selecting read and write permissions.
- Select the required options and click Save in the top right corner to apply changes.
Managing Attributes for Admin
- On the Magento Admin Panel menu, select System > Web Services > REST - Attributes.
- The REST Attributes page opens. From the list of user types, select the Admin type and click it.
- The page for editing attribute rules opens.
- In the User Type Resources panel, in the Resource Access drop-down list, select whether all or some specific resources will be limited to an Admin type of user by selecting the corresponding All or Custom options.
- If you select the Custom option, the resources tree appears. Each resource has options for selecting read and write permissions.
- Select the required options and click Save in the top right corner to apply changes.
Examples
This section provides some examples of limiting Guest and Customer access to certain resource elements.
Limiting Guest Access to Products
To allow Guests (users that are not registered in the Magento system) view only product name and final price with tax, perform the following steps:
- On the Magento Admin Panel menu, select System > Web Services > REST - Roles and select the Guest role.
- In the Role API Resources, specify the Retrieve option for the Product resource.
- Click Save Role on the top right corner to save the role.
- On the Magento Admin Panel menu, select System > Web Services > REST - Attributes and select Guest in the list of User Types.
- In the Resources tree, navigate to the Catalog Product node. In the Read subnode, select the Name and Final Price With Tax options.
- Click Save in the top right corner to save the selected attributes.
Limiting Customer Access to Products
To allow Customers (users that are registered in the Magento system) view only product name and final price with tax, perform the following steps:
- On the Magento Admin Panel menu, select System > Web Services > REST - Roles and select the Customer role.
- In the Role API Resources, specify the Retrieve option for the Product resource.
- Click Save Role on the top right corner to save the role.
- On the Magento Admin Panel menu, select System > Web Services > REST - Attributes and select Customer in the list of User Types.
- In the Resources tree, navigate to the Catalog Product node. In the Read subnode, select the Name and Final Price With Tax options.
- Click Save in the top right corner to save the selected attributes.
Create the Magento file system owner