Let’s say you’ve written a Facebook App using the Facebook JavaScript API, and you don’t want to ask for a ton of permissions when the user signs up for your Facebook App because you’re afraid the permissions will scare them  away.

No worries.

What you can do is in JavaScript land ask for permissions when you need them.

How do you do this?

First, you’d define a handy dandy little JavaScript object to ask for permissions. I’m using ExtJs so I use Ext.define to define the object.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Ext.define('Common.FacebookSecurity',
{
    statics:
    {
         /** All functions here assume facebook api is already loaded */
         validatePermissions: function(permissions,FBObject,callbackFunction,scope,returnOnly)
         {
            FBObject.api('/me/permissions',function(response)
            {
                var values = response.data
[0];
                /** Some invocations may want to get the permissions results*/
                if(returnOnly)
                {
                    callbackFunction.call(scope,values);
                    return true;
                }
                var compPerms = "";
                for(var i = 0; i < permissions.length; i++)
                {
                    if(values[permissions[i]] != 1)
                    {
                        // if there's something already on the composite permissions, add "," before to separate.
                        compPerms = compPerms + (compPerms != "" ? "," : "") + permissions[i];
                    }
                }
                if(compPerms == "")
                {
                    callbackFunction.call(scope);
                    return true;
                }
                Common.FacebookSecurity.askPermission(compPerms,FBObject,callbackFunction,scope);
                return true;
            });
        },
        askPermission: function(permission,FBObject,callbackFunction,scope)
        {
            FBObject.ui(
            {
                method:"permissions.request",
                perms: permission
            },
            function(response)
            {
                if(response.perms == permission)
                {
                    callbackFunction.call(scope);
                }
                else
                {
                    Ext.Msg.alert("Warning! Some of the actions you selected cannot be performed without the permissions required by facebook");
                }
                return true;
            });
            return true;
        }
    }
});

After you define the FacebookSecurity object, you’re now able to ask for permissions on demand.

Let’s say that I want permission to the user_photos before I show the end user an album of their photos. I’d just wrap my code to show the album with the FacebookSecurity.validatePermissions call.

1
2
3
4
5
6
Common.FacebookSecurity.validatePermissions(['user_photos','publish_stream'],
    FB,function()
    {
        this.win.viewAlbums();
    }
 ,this);

If we don’t have permissions to see the user_photos or publish_stream, then we will invoke Facebook to prompt to grant access. If the user doesn’t grant access, then we don’t show the album.

Easy Enough?