A role has an a range of administrative scope, i.e. domains and units

Attributes

Attribute

type

values

default

mandate

comment

name

string

 

 

true

 

description

string

 

 

false

 

 

 

 

 

 

 

permits

coll

 

 

true

Role's permissions

domains

coll

 

 

 

Managing domains

users

coll

 

 

 

Assigned users

groups

coll

 

 

 

Assigned groups


Permit is a dynamic object with the following attributes:

Permit does not have any method.

/role/create

To create a new role, we must specify the name of the role and its administrative scope.  On success, the method always returns the internal role id of the newly created role. 
Parameters: 
\{
"attrs":\{list of attribute value pairs\}
\}
Response: 
\{
"error":0,
"result":\{"id":the id of the newly created role\}
\}
\\
+Examples 1:+
Method:/role/create
Parameters: 
\{
"attrs":
\{
"name":"sales manager", 
"permits":
\[
     \{
 "scope":"*.*",
"object":"user",
"actions":"create,list,view"
\}, 
      \{
"scope":"D1.U2",
"object":"token",
"actions":"create,delete,view"
\}           
\] 
\}
\}
Response: \{"error":0, "result":\{"id":1\}\}
\\
+Examples 2:+
Method:/role/create
Parameters: 
\{
"attrs":
\{
"name":"token manager", 
"domains":\{id:1, id:2\},
 "permits":
\[
     \{
 "scope":"A.?",// the unit the user belongs to
"object":"token",
"actions":"edit,view"
\}, 
      \{
 "scope":"A.?",// the unit the user belongs to
"object":"user",
"actions":"view"
\}           
\] 
\}
\}
Response: \{"error":0, "result":\{"id":1\}\}
\\

/role/search

+Examples:+
Method:/role/search
Parameters: 
\{
 "match":
\[
\["domain.id", "=", 1\]
\],
 "return":\["id","name"\],
 "sort":"id",
 "order":"asc",
 "max": 20,
 "offset": 10
\}
Response: 
\{
 "error":0,
"result":
\[
 \{
  "id",20,
"name":"sales manager",
\},
 \{
...
\}
\]
\}

/role/get

Method:/role/get
\\
+Example 1:+
Parameters: 
\{
 "match":
\[
 \["id", "=", 2\],
\],
 "return":
\[
"id",
"name", 
\{
"permits":
\[
"size",
\{elements:\["scope","object","actions"\]\}
\]
\}
\]
\}
Response: 
\{
 "error":0,
"result":
\{
 "id":"1",
 "name":"sales manager",
"permits":
\{
 "size":2,
 "elements":
\[
\{
"scope":"*",
 "object":"user"
 "actions":\["create","delete","view"\] 
\},
\{
...
\}
\]
\}
\}
\}
\\

/role/set

Method:/role/set
Parameters:
{
"id":1,
"attrs":{list of attributes}
}
Response:
{
"error":0
}

/role/delete

Method:/role/delete
Parameters:
{
"id":1
}
Response:
{
"error":0
}

/role/listActions

Method:/role/listActions
Parameters: 
\{
 "scope":"System" | "Domain" | "Unit
\}
Response: 
\{error:0, result:
    \{
        categories:
        \[            
            \{// category
                name:xx,
                displayName:xx,
                objects:
                \[
                    \{   //object
                        name:xx,
                        displayName:xx,
                        actions:
                        \[
                            \{ // action
                                name:xx,
                                displayName:xx
                            \}                            
                        \]
                    \}
                \]            
            \}
        \],
   objects:
   \[
                    \{   //object
                        name:'*',
                        displayName:'All Objects',
                        actions:
                        \[
                            \{ // action
                                name:
                                displayName:
                            \}
\\
                        \]
                    \}
   \]
    \}    
\}