Managing user role assignments
Each user can be assigned a role for each application. This is normally done from the Users tab of the DreamFactory admin console but it can also be done via the API. If no assignment is made the user inherits the default role for the app, which can be set from the Apps tab in the admin console. To assign a role you have to include the relationship 'user_to_app_to_role_by_user_id'. As an example let's say we want to assign user id 100 with a certain role for a certain app. If the role id is 7 and the app id is 4, the following would create the required relationship to assign that role to that user for that app.
PUT /api/v2/system/user/100?related=user_to_app_to_role_by_user_id
{ "user_to_app_to_role_by_user_id": [{ "app_id": "4", "role_id": 7, "user_id": 100 }] }
To retrieve the role assignments, do a GET with relationship 'user_to_app_to_role_by_user_id'. The last one is the one we just created.
GET /api/v2/system/user/100?related=user_to_app_to_role_by_user_id
{ "id": 100, "user_to_app_to_role_by_user_id": [ { "id": 23, "user_id": 100, "app_id": 1, "role_id": 7 }, { "id": 24, "user_id": 100, "app_id": 2, "role_id": 7 }, { "id": 25, "user_id": 100, "app_id": 3, "role_id": 7 }, { "id": 26, "user_id": 100, "app_id": 4, "role_id": 7 } ] }
To modify a role assignment, do a PUT with relationship 'user_to_app_to_role_by_user_id'. This example changes the role id from 7 to 8, which changes the user's role for that app only.
IMPORTANT: You must provide the user_id for the assignments you are updating, otherwise they will be deleted.
PUT /api/v2/system/user/100?related=user_to_app_to_role_by_user_id
{ "user_to_app_to_role_by_user_id": [ { "id": 23, "user_id": 100, "app_id": 1, "role_id": 7 }, { "id": 24, "user_id": 100, "app_id": 2, "role_id": 7 }, { "id": 25, "user_id": 100, "app_id": 3, "role_id": 7 }, { "id": 26, "user_id": 100, "app_id": 4, "role_id": 8 } ] }
To delete a role assignment, do a PUT with relationship 'user_to_app_to_role_by_user_id'. Set the user_id field to null for the one you wish to delete. After deletion, the user will inherit the default role for that app.
PUT /api/v2/system/user/100?related=user_to_app_to_role_by_user_id
{ "user_to_app_to_role_by_user_id": [ { "id": 23, "user_id": 100, "app_id": 1, "role_id": 7 }, { "id": 24, "user_id": 100, "app_id": 2, "role_id": 7 }, { "id": 25, "user_id": 100, "app_id": 3, "role_id": 7 }, { "id": 26, "user_id": null, "app_id": 4, "role_id": 8 } ] }
These examples are for a single user, but multiple role assignments can be done on multiple users, all in the same call.