Permissions

Last Edit: Mar 03 2020

The channel type also allows you to specify the permissions your chat can use. If not provided, the permissions default to those of the team channel type.

The Channel object allows you to define a list of moderators and admins. The user object allows you to mark a user as a moderator or admin for your entire application.

Note that you can only modify these fields via the backend API:


// editing a channel (must be done server-side)
const channel = client.channel('organization', 'spacex');
// update() is asynchronous; wait for it so failures surface here
await channel.update({
    image: image,
    created_by: elon,
    roles: {
      elon: 'admin',
      gwynne: 'moderator'
    },
});
                    

data = {
    "image": "https://path/to/image",
    "created_by": "elon",
    "roles": {"elon": "admin", "gwynne": "moderator"},
}

spacex_channel = client.channel("team", "spacex")
spacex_channel.update(data)
                    

// editing a channel (must be done server-side)
$data = [
    'image' => 'https://path/to/image2',
    'roles' => ['elon'=> 'moderator', 'gwynne'=> 'moderator']
];

$update = $channel->update($data);
                    

data := map[string]interface{}{
	"image":      "https://path/to/image",
	"created_by": "elon",
	"roles":      map[string]string{"elon": "admin", "gwynne": "moderator"},
}
        
spacexChannel := client.Channel("team", "spacex")
if err := spacexChannel.Update(data, nil); err != nil {
	log.Fatalf("Error: %v", err)
}
                    

You can edit a user like this:


await client.updateUser({
    id: 'tommaso',
    name: 'Tommaso Barbugli',
    role: 'admin',
});
                    

client.update_user({"id": "tommaso", "name": "Tommaso", "role": "admin"})
                    

$update = $client->updateUser([
    'id' => 'tommaso',
    'name' => 'Tommaso Barbugli',
    'role' => 'admin'
]);
                    

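_, err := client.UpdateUser(&User{
	ID:   "tommaso",
	Name: "Tommaso",
	Role: "admin", // role names are lowercase, as in the other snippets
})
if err != nil {
	log.Fatalf("Error: %v", err)
}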
                    

Server-side, you’re allowed to do everything. For client-side integrations, the permission system kicks in. This system specifies the list of actions a given user is allowed to perform.

Changing user roles is only allowed server-side.
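
Because the server-side client is allowed to do everything, the backend endpoint that changes roles has to authorize the request itself. The sketch below is an added example, not code from Stream: `authorizeRoleChange`, `changeRole`, the caller/target record shape, the `'user'` role name and the admin-only policy are assumptions; only the `updateUser` call and the `admin`/`moderator` roles come from this page.

```javascript
// Added example, not Stream's code. 'admin' and 'moderator' are the roles
// shown on this page; 'user' as the unprivileged role is an assumption.
const ASSIGNABLE_ROLES = new Set(['user', 'moderator', 'admin']);

// caller: identity from the server-side session, never from the request body.
// target: the user record the backend already holds for the user being changed.
function authorizeRoleChange(caller, target, newRole) {
  if (!caller || typeof caller.id !== 'string') {
    return { allowed: false, reason: 'unauthenticated' };
  }
  if (!target || typeof target.id !== 'string') {
    return { allowed: false, reason: 'unknown target' };
  }
  // Exact, case-sensitive match against the allowlist: 'Admin' is rejected.
  if (typeof newRole !== 'string' || !ASSIGNABLE_ROLES.has(newRole)) {
    return { allowed: false, reason: 'unknown role' };
  }
  if (caller.role !== 'admin') {
    return { allowed: false, reason: 'caller is not an admin' };
  }
  return { allowed: true, reason: 'ok' };
}

// serverClient: any object exposing updateUser(), called as on this page.
async function changeRole(serverClient, caller, target, newRole) {
  const decision = authorizeRoleChange(caller, target, newRole);
  if (!decision.allowed) {
    throw new Error(`role change denied: ${decision.reason}`);
  }
  // Build the payload from server-held fields only, not from request input.
  await serverClient.updateUser({ id: target.id, name: target.name, role: newRole });
  return decision;
}

// Constructed sample data and a stub client so the example runs offline.
async function demo() {
  const calls = [];
  const stub = { updateUser: async (u) => { calls.push(u); } };
  const admin = { id: 'elon', role: 'admin' };
  const moderator = { id: 'gwynne', role: 'moderator' };
  const target = { id: 'tommaso', name: 'Tommaso Barbugli', role: 'user' };
  await changeRole(stub, admin, target, 'moderator');
  const denied = await changeRole(stub, moderator, target, 'admin').catch((e) => e.message);
  return { calls, denied };
}

demo().then((r) => console.log(JSON.stringify(r)));
```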

Permission checks take the following parameters into account:

  • API Request: the action the user is performing (e.g. send a message, edit a message, etc.)
  • User Role: the role of the user making the request
  • Channel Type: the channel type
  • Resource: the resource involved in the API call (e.g. a channel, a message, a user, etc.)
  • Ownership: whether or not the resource is owned by the user (when applicable)