This service is designed to be used by external service to discover some of the Metatoo authorisation data for a specified user. For example, a search interface could have a direct link to edit a record but unless authorisation information is available, that system has no way of knowing if the user is actually allowed to edit the record.
Note: by default, this service is only accessible from localhost, if you wish to grant external access, add auth.ip to the configuration file with a space separated list of IP addresses: e.g. auth.ip 127.0.0.1 192.168.1.2
This authorisation service is REST based and takes a single user ID as parameter: e.g. http://localhost/cgi-bin/urbit_auth?id=root
The result is an XML record with the following main elements: diagnostic: internal diagnostic, fields: fields from the authentication record, flags: authorisation flags, groups: main and extra groups this user belongs to. Example record:
<authentication>
<diagnostic>
<id>darcimm</id>
<grp>dtu_imm</grp>
</diagnostic>
<fields>
<email>pf@dtv.dk</email>
<grp>dtu_imm</grp>
<id>darcimm</id>
<switch_id/>
</fields>
<flags>
<flag>default_document</flag>
<flag>default_document_create</flag>
<flag>default_document_pe</flag>
<flag>default_document_view</flag>
<flag>document_group_list</flag>
<flag>document_proof_o21</flag>
<flag>document_search</flag>
<flag>document_su_in</flag>
<flag>document_su_in_create</flag>
<flag>document_su_l</flag>
<flag>document_su_pr</flag>
<flag>fit_authorisation_view</flag>
<flag>fit_authority_view</flag>
<flag>fit_javascript_view</flag>
<flag>fit_view_view</flag>
</flags>
<groups>
<group>dtu_imm</group>
</groups>
</authentication>
This service does not return table level authorisation information because the resulting XML would be too complicated and hard to use by an external service anyway.
You can however deduce some things based on your authentication rules. For example, by default a user is always able to edit is own records, this will mean that darcimm user will be able to edit all his own records.
Further more, there are super-user flags defined which allows a user to edit records of a certain time if they are part of a group to which he belongs. For example, the user above has the flag document_su_l and has access to group dtu_imm, which means he will be able to edit all dtu_imm literature records.