# Role management Create new group --------- ```eval_rst .. http:put:: /aalam/base/groups ``` Group is a collection of users and this API help you create anew group **Permissions** *Permissions* _all_ of the following permissions - Groups/manage **Outputs** - Group is created successfully *Status code*: 200 - Group name already exists *Status code*: 409 **Inputs** - The details of the group are sent as input data *Content type*: application/json *Content specification* ``` { "name": "Name of the group (mandatory)", "description": "Description about the group (optional)" } ``` List groups --------- ```eval_rst .. http:get:: /aalam/base/groups ``` This api lists all the groups that are created so far. **Permissions** *Flags* - deny_anon **Outputs** - Fetched the groups successfully. *Status code*: 200 *Content type*: application/json *Content specification* ``` [ { "name": "Name of the group", "description": "Description about the group" } ] ``` Assign items to groups --------- ```eval_rst .. http:put:: /aalam/base/group/{group_name} ``` Assign a list of users or groups or permissions to an existing group.The users of this group and the users of member groups will inheritthis permission. **Permissions** *Permissions* _all_ of the following permissions - Groups/manage **Outputs** - Items assigned the group successfully. *Status code*: 200 - The group name is not found *Status code*: 404 - Input data is not correct. *Status code*: 400 - Forbidden to assign on 'Administrators' group *Status code*: 403 **Inputs** - The input should have atleast of one of 'user', 'groups' and 'permissions'. *Content type*: application/json *Content specification* ``` { "users": [(optional) list of user email ids], "groups": [(optional) list of groups], "permissions": [(optional)list of fully qualified permission names] } ``` Delete group user --------- ```eval_rst .. http:delete:: /aalam/base/group/{group_name}/user/{user_id} ``` Remove user with email id {user_id} from group of name {group_name},this user will no more inherit the permissions assigned on this group **Permissions** *Permissions* _all_ of the following permissions - Groups/manage **Outputs** - Successfull deleted user from the group *Status code*: 200 - Either {group_name} or {user_id} cannot be found, or the user is not yet assigned to this group *Status code*: 404 Delete sub-group --------- ```eval_rst .. http:delete:: /aalam/base/group/{group_name}/group/{group_member} ``` Remove group member of name {group_member} from group of name{group_name}, the members of {group_member} group will no longerinherit permissions assigned on this group **Permissions** *Permissions* _all_ of the following permissions - Groups/manage **Outputs** - Deleted the group member successfully *Status code*: 200 *Content type*: application/json - Unable to find group with name {group_name} *Status code*: 404 Revoke group permission --------- ```eval_rst .. http:delete:: /aalam/base/group/{group_name}/permission/{provider}/{app}/{perm_group}/{perm_name} ``` Revoke the permisson from group of name {group_name}. All the membersof this groups will no more have this permission. If the user is amember of a different group which has this permission assigned, theuser will still be holding this permission. **Permissions** *Permissions* _all_ of the following permissions - Groups/manage **Outputs** - Revoked group permission successfull *Status code*: 200 - Either {group_name} or permission name is invalid, or this permission is not assigned on this group *Status code*: 404 Delete group --------- ```eval_rst .. http:delete:: /aalam/base/group/{group_name} ``` Delete the group. By deleting the members of this group will no longerinherit any of the permissions assigned on this group **Permissions** *Permissions* _all_ of the following permissions - Groups/manage **Outputs** - The group is deleted *Status code*: 200 - No group found with {group_name} *Status code*: 404 Update group --------- ```eval_rst .. http:post:: /aalam/base/group/{group_name} ``` Update the group's name and description **Permissions** *Permissions* _all_ of the following permissions - Groups/manage **Parameters** - name > New name to replace the group's existing name - description > New description to replace the group's existing description **Outputs** - Update successfull *Status code*: 200 - No group found with {group_name} *Status code*: 404 Get group info --------- ```eval_rst .. http:get:: /aalam/base/group/{group_name} ``` Get detailed information about a group **Permissions** *Flags* - deny_anon **Outputs** - Succefully fetched the group information *Status code*: 200 *Content type*: application/json *Content specification* ``` { "users": [List of email ids of user members], "groups": [List of name of group members], "permissions": [List of fully qualified names of the permissions] } ``` - Unable to find a group with {group_name} *Status code*: 404 List permission groups --------- ```eval_rst .. http:get:: /aalam/base/permissions ``` List all the permission groups of all apps **Permissions** *Permissions* _any_ of the following permissions - Groups/manage - Users/manage **Outputs** - Fetched the perimssion groups successfully *Status code*: 200 *Content specification* ``` [{ "name": "Name of the permission group", "description": "Description of the permission group", "provider_code": "Code of the provider to which permission group belongs", "app_code": "App's code value", "app_name": "Name of the application which owns this permission group" }, ... ] ``` List app permission groups --------- ```eval_rst .. http:get:: /aalam/base/permissions/{provider}/{app} ``` List all the permission groups owned by {provider}/{app} **Permissions** *Permissions* _any_ of the following permissions - Groups/manage - Users/manage **Outputs** - Listing successfull *Status code*: 200 *Content type*: application/json *Content specification* ``` [{ "name": "Name of the permission group", "description": "Description of the permission group", }, ... ] ``` List app permissions --------- ```eval_rst .. http:get:: /aalam/base/permissions/{provider}/{app}/{perm_group_name} ``` List all the permissions grouped under {perm_group_name} ownedby {provider}/{app} **Permissions** *Permissions* _any_ of the following permissions - Groups/manage - Users/manage **Outputs** - Listing successfull *Status code*: 200 *Content type*: application/json *Content specification* ``` [{ "id": "(integer) Permission identifier", "name": "Name of the permission", "description": "Description of the permission", }, ... ] ``` Grant permission --------- ```eval_rst .. http:put:: /aalam/base/permissions/{provider}/{app}/{perm_group_name}/{perm} ``` Grant a single permission permission to a list of users or groups. **Permissions** *Permissions* _all_ of the following permissions - Groups/manage - Users/manage **Outputs** - Permissions granted successfully *Status code*: 200 - Either some of the users or groups are not found *Status code*: 404 **Inputs** - Details of the permissions are passed as input data *Content type*: application/json *Content specification* ``` { "users": [List of user email ids], "groups": [List of group names] } ``` Revoke user permission --------- ```eval_rst .. http:delete:: /aalam/base/permissions/{provider}/{app}/{perm_group_name}/{perm}/user/{user_email} ``` Revoke a permission which was granted to a user already. **Permissions** *Permissions* _all_ of the following permissions - Users/manage **Outputs** - Successfully revoked user permission *Status code*: 200 - Either the user is not valid, or this permission is not assigned to the user *Status code*: 404 Revoke group permission --------- ```eval_rst .. http:delete:: /aalam/base/permissions/{provider}/{app}/{perm_group_name}/{perm}/group/{group_name} ``` Revoke a permission on a group **Permissions** *Permissions* _all_ of the following permissions - Groups/manage **Outputs** - Revoked permission successfully *Status code*: 200 - Either the group is not valid, or this permission is not assigned to the group. *Status code*: 404