A role has an a range of administrative scope, i.e. domains and units
Attributes
Attribute |
type |
values |
default |
mandate |
comment |
name |
string |
|
|
true |
|
description |
string |
|
|
false |
|
|
|
|
|
|
|
permits |
coll |
|
|
true |
Role's permissions |
domains |
coll |
|
|
|
Managing domains |
users |
coll |
|
|
|
Assigned users |
groups |
coll |
|
|
|
Assigned groups |
Permit is a dynamic object with the following attributes:
- scope
- object
- actions
Permit does not have any method.
/role/create
To create a new role, we must specify the name of the role and its administrative scope. On success, the method always returns the internal role id of the newly created role.
Parameters:
{
"attrs":{list of attribute value pairs}
}
Response:
{
"error":0,
"result":{"id":the id of the newly created role}
}
Examples 1:
Method:/role/create
Parameters:
{
"attrs":
{
"name":"sales manager",
"permits":
[
{
"scope":".",
"object":"user",
"actions":"create,list,view"
},
{
"scope":"D1.U2",
"object":"token",
"actions":"create,delete,view"
}
]
}
}
Response: {"error":0, "result":{"id":1}}
Examples 2:
Method:/role/create
Parameters:
{
"attrs":
{
"name":"token manager",
"domains":{id:1, id:2},
"permits":
[
{
"scope":"A.?",// the unit the user belongs to
"object":"token",
"actions":"edit,view"
},
{
"scope":"A.?",// the unit the user belongs to
"object":"user",
"actions":"view"
}
]
}
}
Response: {"error":0, "result":{"id":1}}
/role/search
Examples:
Method:/role/search
Parameters:
{
"match":
[
["domain.id", "=", 1]
],
"return":["id","name"],
"sort":"id",
"order":"asc",
"max": 20,
"offset": 10
}
Response:
{
"error":0,
"result":
[
{
"id",20,
"name":"sales manager",
},
{
...
}
]
}
/role/get
Method:/role/get
Example 1:
Parameters:
{
"match":
[
["id", "=", 2],
],
"return":
[
"id",
"name",
{
"permits":
[
"size",
{elements:["scope","object","actions"]}
]
}
]
}
Response:
{
"error":0,
"result":
{
"id":"1",
"name":"sales manager",
"permits":
{
"size":2,
"elements":
[
{
"scope":"*",
"object":"user"
"actions":["create","delete","view"]
},
{
...
}
]
}
}
}
/role/set
Method:/role/set
Parameters:
{
"id":1,
"attrs":{list of attributes}
}
Response:
{
"error":0
}
/role/delete
Method:/role/delete
Parameters:
{
"id":1
}
Response:
{
"error":0
}
/role/listActions
Method:/role/listActions
Parameters:
{
"scope":"System" | "Domain" | "Unit
}
Response:
{error:0, result:
{
categories:
[
{// category
name:xx,
displayName:xx,
objects:
[
{ //object
name:xx,
displayName:xx,
actions:
[
{ // action
name:xx,
displayName:xx
}
]
}
]
}
],
objects:
[
{ //object
name:'*',
displayName:'All Objects',
actions:
[
{ // action
name:
displayName:
}
]
}
]
}
}