Authorization Management
The admin API provides endpoints for authority management: user roles and privileges (permissions).
A privilege (permission) is the smallest unit of authorization. It grants access to a specific API endpoint or to a collection of endpoints.
It has two main properties and a label for human readability:
- label (the human-readable name; this one is for you, humans)
- name (a unique string in upper case with words separated by underscores, e.g. CREATE_POST, VIEW_STATISTICS)
- access_urls (a role containing this privilege has access to these URLs)
Privileges are created and maintained by admin users.
A role is a collection of privileges; it can be thought of as a group of privileges.
A user with a given role holds all the privileges inside that role and can therefore access every endpoint defined for those privileges. A role has these properties:
- name (any unique string, e.g. Admin, Financial Advisor, Monitor)
- restricted (a boolean value)
- privileges (a collection of already created privileges)
Set restricted to false when creating or updating a role if you do not want users to register for that role.
For example, in a ride-sharing app you may want users to register for both the Driver role and the User role, but you do not want them to register for the Admin role.
A user is assigned roles:
- roles (a collection of already created roles)
Privilege API

List privileges:

```http
GET /api/v1/admin/privileges HTTP/1.1
Authorization: Bearer 57dee02c-e1c2-433c-852f-fe2467afdb9b
```

Create a privilege:

```http
POST /api/v1/admin/privileges HTTP/1.1
Content-Type: application/json
Authorization: Bearer 57dee02c-e1c2-433c-852f-fe2467afdb9b

{
  "name": "update post",
  "label": "update post",
  "access_urls": [
    "/api/v1/posts/update"
  ]
}
```

Update a privilege:

```http
PATCH /api/v1/admin/privileges/{privilege_id} HTTP/1.1
Content-Type: application/json
Authorization: Bearer 57dee02c-e1c2-433c-852f-fe2467afdb9b

{
  "name": "UPDATE_POST",
  "label": "Update Post",
  "access_urls": [
    "/api/v1/posts/update"
  ]
}
```

Delete a privilege:

```http
DELETE /api/v1/admin/privileges/{privilege_id} HTTP/1.1
Authorization: Bearer 57dee02c-e1c2-433c-852f-fe2467afdb9b
```
Privilege changes do not take effect until the application context is refreshed, so call the endpoint below after every modification of privileges; until then, authorization decisions are made against the old privilege set.

```http
POST /api/v1/admin/app/context/refresh HTTP/1.1
Authorization: Bearer c5e3432c-3220-4309-9dde-77130c86f7a4
```
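The following is an added illustration of the privilege/role/user model described above and of why the context refresh matters; it is not the project's own code. It models the page's data (privileges with access_urls, roles grouping privileges, users holding roles) as plain Python objects, flattens access_urls into a url-to-privilege map that is only rebuilt on refresh(), and shows that an edited privilege (what the PATCH endpoint would do) is not honoured until that refresh. The class and function names, the constructed sample data, and the deny-by-default rule for URLs no privilege covers are assumptions of this example, not statements from the page.

```python
import re
from dataclasses import dataclass, field

# Privilege names follow the convention described on the page:
# upper-case words separated by underscores, e.g. CREATE_POST.
_PRIVILEGE_NAME = re.compile(r"^[A-Z]+(?:_[A-Z]+)*$")


def is_valid_privilege_name(name):
    return bool(_PRIVILEGE_NAME.match(name))


@dataclass
class Privilege:
    name: str          # unique, e.g. UPDATE_POST
    label: str         # human-readable label
    access_urls: list  # URLs a role holding this privilege may call

    def __post_init__(self):
        if not is_valid_privilege_name(self.name):
            raise ValueError(f"invalid privilege name: {self.name!r}")


@dataclass
class Role:
    name: str          # any unique string, e.g. "Editor"
    restricted: bool   # stored as on the page; not evaluated in this example
    privileges: list = field(default_factory=list)


@dataclass
class User:
    username: str
    roles: list = field(default_factory=list)


class AuthorizationContext:
    """url -> set of privilege names, flattened once and reused per request.

    The map is rebuilt only by refresh(), mirroring the page's note that
    privilege changes take effect only after the application context is
    refreshed. Until then, decisions are made against the stale map.
    """

    def __init__(self, privileges):
        self._privileges = privileges
        self._url_map = {}
        self.refresh()

    def refresh(self):
        url_map = {}
        for priv in self._privileges:
            for url in priv.access_urls:
                url_map.setdefault(url, set()).add(priv.name)
        self._url_map = url_map

    def can_access(self, user, url):
        required = self._url_map.get(url, set())
        if not required:
            # Assumption of this example: a URL no privilege covers is denied for everyone.
            return False
        held = {p.name for role in user.roles for p in role.privileges}
        return bool(required & held)


def demo():
    """Constructed data: an Editor role holding UPDATE_POST, then an admin edit
    to that privilege checked before and after the context refresh."""
    update_post = Privilege("UPDATE_POST", "Update Post", ["/api/v1/posts/update"])
    view_stats = Privilege("VIEW_STATISTICS", "View Statistics", ["/api/v1/stats"])
    editor = Role("Editor", restricted=False, privileges=[update_post])
    alice = User("alice", roles=[editor])
    ctx = AuthorizationContext([update_post, view_stats])

    allowed = ctx.can_access(alice, "/api/v1/posts/update")   # True: Editor holds UPDATE_POST
    denied = ctx.can_access(alice, "/api/v1/stats")           # False: not in the Editor role
    update_post.access_urls.append("/api/v1/posts/publish")   # admin edits the privilege
    stale = ctx.can_access(alice, "/api/v1/posts/publish")    # False: context not refreshed
    ctx.refresh()                                             # what the refresh endpoint does
    fresh = ctx.can_access(alice, "/api/v1/posts/publish")    # True
    return allowed, denied, stale, fresh


if __name__ == "__main__":
    print(demo())
```

The stale result in demo() is the practical reason for the refresh endpoint: an operator who adds a URL to a privilege and skips the refresh gets a denial that looks like a misconfigured role, and one who removes a URL without refreshing leaves the old access in force until the next refresh.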
Role API

List roles:

```http
GET /api/v1/admin/roles HTTP/1.1
Authorization: Bearer 57dee02c-e1c2-433c-852f-fe2467afdb9b
```

Create a role:

```http
POST /api/v1/admin/roles HTTP/1.1
Content-Type: application/json
Authorization: Bearer 57dee02c-e1c2-433c-852f-fe2467afdb9b

{
  "name": "Editor",
  "restricted": false,
  "privilege_ids": [1,3]
}
```

Update a role:

```http
PATCH /api/v1/admin/roles/{role_id} HTTP/1.1
Content-Type: application/json
Authorization: Bearer 57dee02c-e1c2-433c-852f-fe2467afdb9b

{
  "name": "Editor",
  "restricted": false,
  "privilege_ids": [3,5]
}
```

Delete a role:

```http
DELETE /api/v1/admin/roles/{role_id} HTTP/1.1
Authorization: Bearer 57dee02c-e1c2-433c-852f-fe2467afdb9b
```
User roles

Assign roles to a user (role ids as a comma-separated query parameter):

```http
PUT /api/v1/admin/users/1/change_role?roles=1,2 HTTP/1.1
Host: localhost:8080
Authorization: Bearer 57dee02c-e1c2-433c-852f-fe2467afdb9b
```