This repository has been archived by the owner on Apr 27, 2021. It is now read-only.

Permissions

michael.vidal edited this page Jun 19, 2017 · 2 revisions

The Permissions resource provides methods to read and write permissions.

Get

This method allows client applications to retrieve a list of permissions based on a grain, a securableItem and, optionally, a permission name. This is not a user-specific endpoint: it returns all permissions for that grain/securableItem/{permissionName} combination regardless of user.

GET /permissions/{grain}/{securableItem}
GET /permissions/{grain}/{securableItem}/{permissionName}
GET /permissions/{permissionId}

Parameters

Name            Location  Type    Description
grain           path      string  The top level grain to return permissions for
securableItem   path      string  The specific securableItem within the grain to return permissions for
permissionName  path      string  The name of the permission
permissionId    path      Guid    The unique identifier for the permission

Authorization

This request requires authorization with the following scopes:

  • fabric/authorization.read

Request Body

Do not supply a request body with this method.

Responses

200

[
  {
    "id": guid,
    "grain": string,
    "securableItem": string,
    "name": string
  }
]

403 Forbidden

A Forbidden response will be returned in the following cases:

  • If the requested grain/securableItem does not match the clientid presented
  • If the access token cannot be validated (i.e. is forged or doesn't have the correct scope)

Post

This method allows clients to add permissions to the Authorization service store.

POST /permissions/

Parameters

Name  Location  Type  Description
None  N/A       N/A   N/A

Authorization

This request requires authorization with the following scopes:

  • fabric/authorization.write

Request Body

{
    "grain": string,
    "securableItem": string,
    "name": string
}

Responses

201

A 201 Created response will be returned if the permission is successfully created. It includes the permission object that was created:

{
    "id": Guid,
    "grain": string,
    "securableItem": string,
    "name": string
}

400

A 400 Bad Request will be returned in the following cases:

  • If the request is malformed
  • If the permission already exists

403 Forbidden

A Forbidden response will be returned in the following cases:

  • If the requested grain/securableItem does not match the clientid presented
  • If the access token cannot be validated (i.e. is forged or doesn't have the correct scope)

Delete

DELETE /permissions/{permissionId}

Parameters

Name          Location  Type  Description
permissionId  path      guid  The unique identifier for the permission to delete

Authorization

This request requires authorization with the following scopes:

  • fabric/authorization.write

Request Body

Do not supply a request body with this method.

Responses

204

A 204 No Content response will be returned if the permission is successfully deleted.

400

A 400 Bad Request response will be returned in the following cases:

  • The permission being deleted does not exist in the Authorization service data store
  • The request is malformed

403 Forbidden

A Forbidden response will be returned in the following cases:

  • If the requested grain/securableItem does not match the clientid presented
  • If the access token cannot be validated (i.e. is forged or doesn't have the correct scope)
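
The status codes documented above for the grain/securableItem GET, POST and DELETE can be captured in a small in-memory test double for client code. This is an added example, not code from the Fabric.Authorization project. The class name `FakePermissionsApi`, the token dict, the client-to-securableItem mapping and the order of the checks are assumptions.

```python
import uuid

READ = "fabric/authorization.read"
WRITE = "fabric/authorization.write"
FIELDS = {"grain", "securableItem", "name"}

class FakePermissionsApi:
    """In-memory test double returning the status codes documented on this page."""

    def __init__(self, client_items):
        # Assumption: client id -> (grain, securableItem) that client may manage.
        self.client_items = client_items
        self.store = {}  # permission id -> permission object

    def _forbidden(self, token, scope, grain, item):
        # `token` is a constructed dict standing in for a validated access token.
        return (scope not in token["scopes"]
                or self.client_items.get(token["client_id"]) != (grain, item))

    def get(self, token, grain, item, name=None):
        if self._forbidden(token, READ, grain, item):
            return 403, None
        return 200, [p for p in self.store.values()
                     if (p["grain"], p["securableItem"]) == (grain, item)
                     and name in (None, p["name"])]

    def post(self, token, body):
        if not isinstance(body, dict) or set(body) != FIELDS \
                or not all(isinstance(v, str) and v for v in body.values()):
            return 400, None  # malformed request
        if self._forbidden(token, WRITE, body["grain"], body["securableItem"]):
            return 403, None
        if any(all(p[f] == body[f] for f in FIELDS) for p in self.store.values()):
            return 400, None  # permission already exists
        created = {"id": str(uuid.uuid4()), **body}
        self.store[created["id"]] = created
        return 201, created

    def delete(self, token, permission_id):
        if WRITE not in token["scopes"]:
            return 403, None  # check scope before revealing whether the id exists
        perm = self.store.get(permission_id)
        if perm is None:
            return 400, None  # permission does not exist in the store
        if self._forbidden(token, WRITE, perm["grain"], perm["securableItem"]):
            return 403, None
        del self.store[permission_id]
        return 204, None
```
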