Managing user role assignments

From DreamFactory
Jump to: navigation, search
DreamFactoryTutorialsManaging user role assignments

Each user can be assigned a role for each application. This is normally done from the Users tab of the DreamFactory admin console but it can also be done via the API. If no assignment is made the user inherits the default role for the app, which can be set from the Apps tab in the admin console. To assign a role you have to include the relationship 'user_to_app_to_role_by_user_id'. As an example let's say we want to assign user id 100 with a certain role for a certain app. If the role id is 7 and the app id is 4, the following would create the required relationship to assign that role to that user for that app.

PUT /api/v2/system/user/100?related=user_to_app_to_role_by_user_id  
{
	"user_to_app_to_role_by_user_id": [{
		"app_id": "4",
		"role_id": 7,
		"user_id": 100
	}]
}

To retrieve the role assignments, do a GET with relationship 'user_to_app_to_role_by_user_id'. The last one is the one we just created.

GET /api/v2/system/user/100?related=user_to_app_to_role_by_user_id  
{
	"id": 100,
	"user_to_app_to_role_by_user_id": [
		{
			"id": 23,
			"user_id": 100,
			"app_id": 1,
			"role_id": 7
		},
		{
			"id": 24,
			"user_id": 100,
			"app_id": 2,
			"role_id": 7
		},
		{
			"id": 25,
			"user_id": 100,
			"app_id": 3,
			"role_id": 7
		},
		{
			"id": 26,
			"user_id": 100,
			"app_id": 4,
			"role_id": 7
		}
	]
}

To modify a role assignment, do a PUT with relationship 'user_to_app_to_role_by_user_id'. This example changes the role id from 7 to 8, which changes the user's role for that app only. IMPORTANT: Make sure you include user_id in update requests. If you don't the assignment will be deleted, same as if you set it to null (see delete example below).

PUT /api/v2/system/user/100?related=user_to_app_to_role_by_user_id  
{
	"user_to_app_to_role_by_user_id": [
		{
			"id": 23,
			"user_id": 100,
			"app_id": 1,
			"role_id": 7
		},
		{
			"id": 24,
			"user_id": 100,
			"app_id": 2,
			"role_id": 7
		},
		{
			"id": 25,
			"user_id": 100,
			"app_id": 3,
			"role_id": 7
		},
		{
			"id": 26,
			"user_id": 100,
			"app_id": 4,
			"role_id": 8
		}
	]
}

To delete a role assignment, do a PUT with relationship 'user_to_app_to_role_by_user_id'. Set the user_id field to null for the one you wish to delete. After deletion, the user will inherit the default role for that app.

PUT /api/v2/system/user/100?related=user_to_app_to_role_by_user_id  
{
	"user_to_app_to_role_by_user_id": [
		{
			"id": 23,
			"user_id": 100,
			"app_id": 1,
			"role_id": 7
		},
		{
			"id": 24,
			"user_id": 100,
			"app_id": 2,
			"role_id": 7
		},
		{
			"id": 25,
			"user_id": 100,
			"app_id": 3,
			"role_id": 7
		},
		{
			"id": 26,
			"user_id": null,
			"app_id": 4,
			"role_id": 8
		}
	]
}

Multiple operations can be done on multiple users, all in the same call