GitLab CE API: Check if used token has admin rights
Question:
I am working on a Python module for the GitLab API. Is there any possibility to check if the user with the private token in use has admin rights on the GitLab server?
One way would be to get something from the API, e.g. a single user and check, if it has the elements only the admin can see like two_factor_enabled. But is there a better, easier way?
Answers:
If you GET /users and pass the sudo parameter you will get a JSON back that includes an is_admin attribute with a boolean value. You could use that Here is the documentation
According to the api help the is_admin key is now included for all single user api queries.
I just tested it with the api v4 on gitlab.com with the query:
curl --header "PRIVATE-TOKEN: Token" https://gitlab.com/api/v4/users/###
and the json answer included "is_admin":false for the specified user with the id ###.
Can run a query that works just for admins, for example:
curl --header "PRIVATE-TOKEN: Token" https://my.gitlab.host/api/v4/users?admins=true
Because admins=true works only for users with admin-rights, if you get any reply it means that token has admin-rights.
I am working on a Python module for the GitLab API. Is there any possibility to check if the user with the private token in use has admin rights on the GitLab server?
One way would be to get something from the API, e.g. a single user and check, if it has the elements only the admin can see like two_factor_enabled. But is there a better, easier way?
If you GET /users and pass the sudo parameter you will get a JSON back that includes an is_admin attribute with a boolean value. You could use that Here is the documentation
According to the api help the is_admin key is now included for all single user api queries.
I just tested it with the api v4 on gitlab.com with the query:
curl --header "PRIVATE-TOKEN: Token" https://gitlab.com/api/v4/users/###
and the json answer included "is_admin":false for the specified user with the id ###.
Can run a query that works just for admins, for example:
curl --header "PRIVATE-TOKEN: Token" https://my.gitlab.host/api/v4/users?admins=true
Because admins=true works only for users with admin-rights, if you get any reply it means that token has admin-rights.