How to: Check if User Has Certian Permission – Facebook API

By On February 20, 2011 · 14 Comments

There are two three ways to check if the user has granted your application a specific Permission:

 

Using the Graph API

Now that Facebook added the permissions connection to the user object, you can easily check the user’s permission:

$permissions = $facebook->api("/me/permissions");
if( array_key_exists('publish_stream', $permissions['data'][0]) ) {
	// Permission is granted!
	// Do the related task
	$post_id = $facebook->api('/me/feed', 'post', array('message'=>'Hello World!'));
} else {
	// We don't have the permission
	// Alert the user or ask for the permission!
	header( "Location: " . $facebook->getLoginUrl(array("scope" => "publish_stream")) );
}
Back to top
 

Using the FQL permissions table

You can query the permissions table to check if a certain permission (or set of permissions) is granted:

SELECT read_stream FROM permissions WHERE uid=me()

We will give two examples of how to query this table in:

  • PHP:
    $perms = $facebook->api(array(
	"method"	=> "fql.query",
	"query"		=> "SELECT read_stream,offline_access,publish_stream FROM permissions WHERE uid=me()"
));
echo "<ul>";
foreach($perms[0] as $k=>$v) {
	echo "<li>";
	if($v === "1") {
		echo "<strong>$k</strong> permission is granted.";
	} else {
		echo "<strong>$k</strong> permission is not granted.";
	}
	echo "</li>";
}

    Output:

    • read_stream permission is not granted.
    • offline_access permission is not granted.
    • publish_stream permission is granted.
  • Javascript:
    FB.api({ method: 'fql.query', query: 'SELECT read_stream,offline_access,publish_stream FROM permissions WHERE uid=me()' }, function(resp) {
	for(var key in resp[0]) {
		if(resp[0][key] === "1")
			console.log(key+' is granted')
		else
			console.log(key+' is not granted')
	}
});
Back to top
 

Using the REST API users.hasAppPermission method

It is worth mentioning that the users.hasAppPermission is still working and can be called from the Facebook PHP-SDK like so:

$isGranted = $facebook->api(array(
	"method"    => "users.hasAppPermission",
	"ext_perm"   => "publish_stream",
	"uid"       => 579187142
));
if($isGranted === "1")
	echo "Permission granted!";

Please note that this call doesn’t require the uid parameter, if you have a valid user session.

Now we call the same function in Javascript:

FB.api({ method: 'users.hasAppPermission', ext_perm: 'publish_stream' }, function(resp) {
	if (resp === "1") {
		alert('Permission granted');
	} else {
		alert("Permission not granted");
	}
});
Back to top
Tagged with:
 
If you enjoyed this article, please consider sharing it!
FacebookTwitterDelicious Digg
  • http://fbleadgen.com fbleadgen

    Very handy, especially since some users may manually alter the permissions your application has after their initial authorization with it!

    • Dontspam

      Doesn’t work! Fatal error: Uncaught OAuthException: An active access token must be used to query information about the current user. thrown in

  • Pingback: How To: Ask For Extended Permission In Your Facebook Application | API? Yes Master!

  • Seilor

    ha quiero jugar bien y no puedo con el error que me da facebook haaaaaaa quiero jugar bien zombie lane ayuda plis

    • http://www.masteringapi.com Ibrahim Faour

      Please write your comment in english, otherwise it’ll be deleted.

  • a b

    Hi I am using this code 

    $permissions = $facebook->api(“/me/permissions”);
    if( array_key_exists(‘publish_stream’, $permissions['data'][0]) ) {
    // Permission is granted!
    // Do the related task
    $post_id = $facebook->api(‘/me/feed’, ‘post’, array(‘message’=>’Hello World!’));
    } else {
    // We don’t have the permission
    // Alert the user or ask for the permission!
    header( “Location: ” . $facebook->getLoginUrl(array(“scope” => “publish_stream”)) );
    }

    and I the control never reaches else moreover if I just do this
    header( “Location: ” . $facebook->getLoginUrl(array(“scope” => “publish_stream”)) );without checking any condition it give me a redirect look error please help thanks

  • a b

    Hey sorry I tried it again and it works … apparently I didnot save the file my bad sorry

  • Cristóbal

    Great article, thanks!

  • http://www.uberweb.com.au Alex

    very helpful post, struggling for hours to check permission using the graph API and this javascript REST API just works!

  • http://www.r-gate.net/ Mohamed Tair

    Great article, thanks!

  • Tobia Scandolara

    Fatal error: Uncaught OAuthException: Invalid OAuth access token signature….why?? thanks

  • SamiSalami

    For me it always works like this:
    $user = $facebook->getUser();

    $perms = $facebook->api(“/$user/permissions”);

    I always tried “me” in the beginning, but that does not really work.

    • Miguel

      $perms = $facebook->api(“/me$user/permissions”, ‘GET’);

  • Vishwakumar Patil

    Excellent !! Thankyou :)