I have extended the backoffice of Umbraco to include a new section. I have an angular controller which is used to edit/save a custom type. I use the contentResource service to fetch information regarding a specific content node (in this situation I want the URL). Below is example code that I have used:

   contentResource.getById(1124).then(function (node) {
                    $scope.url = node.urls[0] + $scope.customtype.Id + "/"; 
                });

As you can see, I use this to build a new custom Url for that custom type. When I am logged into Umbraco as an administrator, it works fine. If I login as a user with access to only the custom section and nothing else, it works fine. However, if I login as a user who is not an administrator but has access to content, media and the custom section, I get an authorization error. I have tried looking further into it by inspecting the content node object returned by the API (when I am logged in as an admin). Now, I notice in the object it has administrator as the owner. I am just wondering if anyone knows how Umbraco determines the access levels when the call to the UmbracoApi is made? Does it check the content object owner to the current logged in user role before it returns the object?

Thanks