Service: zimbraMail
Namespace: "urn:zimbraMail"
CheckPermission SOAP Command

Check if the authed user has the specified right(s) on a target.
If the specified target cannot be found:

e.g. With user1's auth token, the following checks if user1 can invite user2 and view user2's free/busy.
     <CheckPermissionRequest>
       <target type="account" by="name">user2@test.com</target>
       <right>invite</right>
       <right>viewFreeBusy</right>
     </CheckPermissionRequest>

     <CheckPermissionResponse allow="{1|0}">
       <right allow="{1|0}">invite</right>
       <right allow="{1|0}">viewFreeBusy</right>
     </CheckPermissionResponse>
 

Authorization token required true
Admin Authorization token required false
Deprecation information Note: to be deprecated in Zimbra 9. Use zimbraAccount CheckRights instead.

CheckPermissionRequest

    <CheckPermissionRequest> ## CheckPermissionRequest
        <target
                    type="{target-type} (account|calresource|cos|dl|group|domain|server|alwaysoncluster|ucservice|xmppcomponent|zimlet|config|global)"
                    by="{target-selector-by} (adminName|appAdminName|id|foreignPrincipal|name|krb5Principal)">{value}</target> ## TargetSpec
        (<right>{rights} (String)</right>)*
    </CheckPermissionRequest>

The following table describes elements and attributes you can define within a <CheckPermissionRequest> element:

XPath Required / Optional Description
/target Optional (0 or 1) Type:{value}
Target specification
Description for element text content:The key used to identify the target. Meaning determined by {target-selector-by}
/target@type Required (only 1) Type:account|calresource|cos|dl|group|domain|server|alwaysoncluster|ucservice|xmppcomponent|zimlet|config|global
Target type
/target@by Required (only 1) Type:adminName|appAdminName|id|foreignPrincipal|name|krb5Principal
Select the meaning of {target-selector-key}
/right Optional (0 or more) Type:{rights} (String)
Rights to check

CheckPermissionResponse

    <CheckPermissionResponse allow="{has-right-to-all} (0|1)"> ## CheckPermissionResponse
        (<right allow="{has-right-on-target} (0|1)">{rightName}</right> ## RightPermission)*
    </CheckPermissionResponse>

The following table describes elements and attributes you can define within a <CheckPermissionResponse> element:

XPath Required / Optional Description
@allow Required (only 1) Type:0|1
Set if the authed user has ALL the rights for each <right> element.
i.e. It is the AND result of each individual result
/right Optional (0 or more) Type:{rightName}
Individual right information
Description for element text content:Right name
/right@allow Required (only 1) Type:0|1
If set then the authed user has the right {right-name} on the target.