
Authorization Management

Sayem Hossain edited this page Nov 15, 2019 · 5 revisions

There are Admin APIs for authorization management (user roles, privileges/permissions).

Architecture:

Privileges

A Privilege (or Permission) is the smallest unit of authorization: it grants access to one API endpoint or a collection of endpoints.
It has two main properties and a label for human readability.

  • label (Humans, this one is for you: free text shown in admin tools)
  • name (a unique string, all uppercase, words separated by underscores. Ex. CREATE_POST, VIEW_STATISTICS)
  • access_urls (the URLs a role containing this privilege is allowed to call)

A privilege can be created and maintained by admin users.

Roles

A Role is a named collection of privileges; it can be thought of as a group of privileges.
A user holding a role has every privilege in that role, and therefore access to every URL listed in those privileges' access_urls.

  • name (Any Unique String, Ex. Admin, Financial Advisor, Monitor)
  • restricted (A boolean value)
  • privileges (A collection of already created privileges)

Set restricted to true when creating or updating a role that users must not be able to register for themselves. For example, in a ride-sharing app you may want users to register as either Driver or User, but never as Admin, so Admin should be a restricted role.

User

  • roles (A collection of already created roles)
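The following is an added illustration of how the privilege, role and user model above resolves a request URL; it is not code from this project. The class names, the in-memory privilege store and the AccessContext cache are assumptions. It shows the name convention being enforced, restricted roles refusing self-registration, and why a privilege edit is not effective until the context is refreshed.

```python
"""Resolution model for the privilege -> role -> user design described above."""
import re
from dataclasses import dataclass

# Naming convention from the page: all uppercase, words separated by underscores.
NAME_RE = re.compile(r"^[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)*$")


@dataclass(frozen=True)
class Privilege:
    name: str
    label: str
    access_urls: frozenset

    def __post_init__(self):
        if not NAME_RE.match(self.name):
            raise ValueError(f"privilege name must look like CREATE_POST, got {self.name!r}")


@dataclass
class Role:
    name: str
    restricted: bool            # True: users may not self-register for this role
    privilege_names: frozenset  # references privileges by name


@dataclass
class User:
    username: str
    roles: list


def self_register(user, role):
    """A user picks a role at sign-up; only unrestricted roles are allowed."""
    if role.restricted:
        raise PermissionError(f"role {role.name!r} cannot be self-assigned")
    user.roles.append(role)


class AccessContext:
    """url -> set of privilege names, built from the privilege store (assumed dict).

    The request-time check reads this snapshot, so edits to privileges are
    invisible until refresh() is called (the page's context-refresh step).
    """

    def __init__(self, privilege_store):
        self._store = privilege_store   # dict: name -> Privilege
        self._url_index = {}
        self.refresh()

    def refresh(self):
        index = {}
        for priv in self._store.values():
            for url in priv.access_urls:
                index.setdefault(url, set()).add(priv.name)
        self._url_index = index

    def can_access(self, user, url):
        required = self._url_index.get(url, set())
        if not required:
            return False  # URL not mapped to any privilege: deny by default
        granted = set().union(*(r.privilege_names for r in user.roles))
        return bool(required & granted)


def demo():
    """Walk through register -> check -> revoke -> refresh with constructed data."""
    store = {
        "UPDATE_POST": Privilege("UPDATE_POST", "Update Post", frozenset({"/api/v1/posts/update"})),
        "VIEW_STATISTICS": Privilege("VIEW_STATISTICS", "View Statistics", frozenset({"/api/v1/stats"})),
    }
    ctx = AccessContext(store)
    editor = Role("Editor", restricted=False, privilege_names=frozenset({"UPDATE_POST"}))
    admin = Role("Admin", restricted=True, privilege_names=frozenset({"UPDATE_POST", "VIEW_STATISTICS"}))
    alice = User("alice", roles=[])

    self_register(alice, editor)
    try:
        self_register(alice, admin)
        admin_blocked = False
    except PermissionError:
        admin_blocked = True

    before = ctx.can_access(alice, "/api/v1/posts/update")   # granted via Editor
    stats = ctx.can_access(alice, "/api/v1/stats")           # no matching privilege

    # Admin removes the URL from UPDATE_POST but does not refresh the context.
    store["UPDATE_POST"] = Privilege("UPDATE_POST", "Update Post", frozenset())
    stale = ctx.can_access(alice, "/api/v1/posts/update")    # still granted: stale snapshot
    ctx.refresh()
    after = ctx.can_access(alice, "/api/v1/posts/update")    # revoked once refreshed
    return admin_blocked, before, stats, stale, after


if __name__ == "__main__":
    print(demo())
```

The `stale` step is the practical consequence of the refresh requirement: a privilege you have revoked in the admin API keeps working for every user until the context is refreshed, so treat the refresh call as part of the revocation, not an optional follow-up.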

Implemented Admin APIs

Privilege APIs

Get all privileges

GET /api/v1/admin/privileges HTTP/1.1
Authorization: Bearer 57dee02c-e1c2-433c-852f-fe2467afdb9b

Create a privilege

POST /api/v1/admin/privileges HTTP/1.1
Content-Type: application/json
Authorization: Bearer 57dee02c-e1c2-433c-852f-fe2467afdb9b

{
	"name": "UPDATE_POST",
	"label": "Update post",
	"access_urls": [
		"/api/v1/posts/update"
	]
}

Update a privilege

PATCH /api/v1/admin/privileges/{privilege_id} HTTP/1.1
Content-Type: application/json
Authorization: Bearer 57dee02c-e1c2-433c-852f-fe2467afdb9b

{
	"name": "UPDATE_POST",
	"label": "Update Post",
	"access_urls": [
		"/api/v1/posts/update"
	]
}

Delete a privilege

DELETE /api/v1/admin/privileges/{privilege_id} HTTP/1.1
Authorization: Bearer 57dee02c-e1c2-433c-852f-fe2467afdb9b

Refresh Application Context

Privilege changes (create, update, delete) do not take effect until the application context is refreshed, so call the API below after every change to privileges. Until you do, the previously loaded access_urls remain in force, which means a revoked URL is still reachable.

POST /api/v1/admin/app/context/refresh HTTP/1.1
Authorization: Bearer c5e3432c-3220-4309-9dde-77130c86f7a4

Role APIs

Get list of Roles

GET /api/v1/admin/roles HTTP/1.1
Authorization: Bearer 57dee02c-e1c2-433c-852f-fe2467afdb9b

Create a role with privileges

POST /api/v1/admin/roles HTTP/1.1
Content-Type: application/json
Authorization: Bearer 57dee02c-e1c2-433c-852f-fe2467afdb9b

{
	"name": "Editor",
	"restricted": false,
	"privilege_ids": [1, 3]
}

Update a role

PATCH /api/v1/admin/roles/{role_id} HTTP/1.1
Content-Type: application/json
Authorization: Bearer 57dee02c-e1c2-433c-852f-fe2467afdb9b

{
	"name": "Editor",
	"restricted": false,
	"privilege_ids": [3, 5]
}

Delete a role

DELETE /api/v1/admin/roles/{role_id} HTTP/1.1
Authorization: Bearer 57dee02c-e1c2-433c-852f-fe2467afdb9b

Assign roles to a user (roles is a comma-separated list of role ids)

PUT /api/v1/admin/users/1/change_role?roles=1,2 HTTP/1.1
Host: localhost:8080
Authorization: Bearer 57dee02c-e1c2-433c-852f-fe2467afdb9b
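The sequence above (create privileges, refresh the context, create a role, assign it to a user) is easy to get out of order. The client below is an added example, not the project's own client: the AdminClient class, its `send` hook, the in-memory fake server, and the assumption that create responses return the new object's id under "id" are all mine. It refuses privilege names that break the naming convention and refuses to create a role while a privilege change is pending a context refresh.

```python
"""Provisioning an Editor role end to end through the admin API described above."""
import json
import re
import urllib.request

NAME_RE = re.compile(r"^[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)*$")


def http_send(method, url, token, body=None):
    """Default transport: a real HTTP call carrying the bearer token."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Authorization", f"Bearer {token}")
    if data is not None:
        req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
        return resp.status, (json.loads(raw) if raw else None)


class AdminClient:
    def __init__(self, base_url, token, send=http_send):
        self.base_url = base_url.rstrip("/")
        self.token = token
        self.send = send
        self.context_dirty = False  # privileges changed since the last refresh

    def _call(self, method, path, body=None):
        status, payload = self.send(method, self.base_url + path, self.token, body)
        if not 200 <= status < 300:
            raise RuntimeError(f"{method} {path} -> {status}")
        return payload

    def create_privilege(self, name, label, access_urls):
        if not NAME_RE.match(name):
            raise ValueError(f"privilege name must look like CREATE_POST, got {name!r}")
        created = self._call("POST", "/api/v1/admin/privileges",
                             {"name": name, "label": label, "access_urls": list(access_urls)})
        self.context_dirty = True
        return created["id"]  # assumed response shape

    def delete_privilege(self, privilege_id):
        self._call("DELETE", f"/api/v1/admin/privileges/{privilege_id}")
        self.context_dirty = True

    def refresh_context(self):
        self._call("POST", "/api/v1/admin/app/context/refresh")
        self.context_dirty = False

    def create_role(self, name, privilege_ids, restricted=True):
        # restricted defaults to True so a role is never self-registrable by accident.
        if self.context_dirty:
            raise RuntimeError("refresh the application context before creating roles")
        created = self._call("POST", "/api/v1/admin/roles",
                             {"name": name, "restricted": restricted,
                              "privilege_ids": list(privilege_ids)})
        return created["id"]

    def assign_roles(self, user_id, role_ids):
        ids = ",".join(str(r) for r in role_ids)
        self._call("PUT", f"/api/v1/admin/users/{user_id}/change_role?roles={ids}")


def provision_editor(client, user_id):
    """Create UPDATE_POST, refresh, create a non-restricted Editor role, assign it."""
    priv_id = client.create_privilege("UPDATE_POST", "Update Post", ["/api/v1/posts/update"])
    client.refresh_context()
    role_id = client.create_role("Editor", [priv_id], restricted=False)
    client.assign_roles(user_id, [role_id])
    return priv_id, role_id


def fake_send_factory(log):
    """Constructed in-memory server for offline runs: records calls and hands out ids."""
    counter = {"id": 0}

    def send(method, url, token, body=None):
        log.append((method, url, body))
        if token != "57dee02c-e1c2-433c-852f-fe2467afdb9b":  # the page's sample token
            return 401, None
        if method == "POST" and url.endswith(("/privileges", "/roles")):
            counter["id"] += 1
            return 201, {"id": counter["id"], **body}
        return 200, None
    return send


if __name__ == "__main__":
    calls = []
    client = AdminClient("http://localhost:8080", "57dee02c-e1c2-433c-852f-fe2467afdb9b",
                         send=fake_send_factory(calls))
    print(provision_editor(client, user_id=1))
    for call in calls:
        print(call)
```

Swap `fake_send_factory` for the default `http_send` to run it against a real instance; the `context_dirty` guard is the piece worth keeping, since creating or assigning roles on top of privileges the running application has not loaded yet is exactly the gap the refresh endpoint exists to close.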