Problem with Audit Log API. Bug?

  • 16 November 2021
  • 2 replies
  • 130 views

Hello,

I'm using your REST API Audit Log Endpoint to get what's the Role of each user in each board.

I have an user: raaf@xxxx.com that is a Free Restricted Member and it is returning this object:

{
            "type": "event",
            "details": {
                "role": "EDITOR"
            },
            "createdBy": {
                "type": "user",
                "id": 307XXX7360065256XXX,
                "name": “raaf”,
                "email": “raaf@xxxx.com”
            },
            "object": {
                "id": "307XXX736776477XXX,
                "name": “Bola”
            },
            "context": {
                "ip": "172.XX.324.73",
                "team": {
                    "type": "team",
                    "name": "Enterprise - Plan”,
                    "id": "307445XXX3657872XXX”
                },
                "organization": {
                    "type": "organization",
                    "name": “Bola”,
                    "id": "307XXX363XXX872XXX"
                }
            },
            "id": "3074457367766510XXX”,
            "createdAt": "2021-11-16T19:18:46.120+0000",
            "event": "board_opened"
        },

(due to privacy issues, I anonymised a lot of information above)

 

I can't understand why it's happening as Free Restricted Users can not have an Editor Role.

(source: https://help.miro.com/hc/en-us/articles/360017571514-Account-access-levels-Enterprise-plan-

Any Ideas?  

 


2 replies

Userlevel 5
Badge +1

Hi @rafasalo,

 

Thanks for reaching out. 

You’re correct in that a Free Restricted license does not allow users to edit, they can only view or comment. However, if a board owner invites a Free Restricted user to a board and assigns them editor rights, they have an option to “request” a full license on behalf of them. In the interim the Free Restricted user can only comment until the Full license is assigned. Behind the scene, that user gets assigned the role of “editor” but can’t actually edit the board until they receive the Full license. This is why you see editor in the REST API response.

 

@Anthony Roux 

 

I see. 

This is a huge bug. As I told you, I need to monitor the roles of each user and this "behind the scene" behaviour that only your application knows how to deal with it, makes my work impossible. The audit log is inconsistent. Basically you've created a schroeder's cat new role. It's seems like an  Editor but it could be a editor or a commenter.

Can you give me instructions of how I can see if someone is a REAL EDITOR or not? If your application knows it, I could infer in someway.

 

 

Or at least how I can understand if someone is a Free Restricted, a free user or a Paid user, at least with this info, I could do a double check

 

 

 

 

Reply