Web API for User Management: Difference between revisions

From QPR ProcessAnalyzer Wiki
Jump to navigation Jump to search
(Created page with "This page describes all Web API operations for user management. == Entities == The user management API is based on the following entities: ===User/group=== The '''User/group...")
 
No edit summary
 
(17 intermediate revisions by the same user not shown)
Line 1: Line 1:
This page describes all Web API operations for user management.
This page describes Web API operations for managing users, groups, roles and permissions. See [[Roles_and_Permissions|more information]] how roles and permissions work in QPR ProcessAnalyzer.


== Entities ==
== Entities ==
The user management API is based on the following entities:
The user management API uses the following entities.


===User/group===
===User/group===
The '''User/group''' entity contains both users and groups.
''User/group'' entity describes both users and groups. Properties:
 
* Id (integer): user/group id.
Properties:
* IsGroup (boolean): ''false'' for users, ''true'' for groups.
* Id (integer): user/group id
* LoginName (string): user login name. Empty/ignored for groups.
* IsGroup (boolean): false for users, true for groups
* FullName (string): user/group full name.
* LoginName (string): user login name (empty/ignored for groups)
* Email (string): user/group email address.
* FullName (string): user/group full name
* Password (string): user password. Used only when creating or updating users.
* Email (string): user/group e-mail address
* IsActive (boolean): flag whether user/group is active.
* Password (string): user password (empty/ignored for groups)
* Description (string): user/group description.
* IsActive (boolean): flag whether user/group is active
* Description (string): user/group description


===Role assignment===
===Role assignment===
The '''Role assignment''' describes
''Role assignment'' entity describes that a role is given to a certain user/group. Note that role assignments don't have own id's, but they are identified by the combinations of all their property values. Properties:
 
* Id (integer): user/group id.
Properties:
* ProjectId (integer): project id used in project-specific role assignments. Not used for global permissions.
- Id (integer): user/group id
* RoleId (integer): role id.
- ProjectId (integer): project id (optional, means global permission if missing)
- RoleId (integer): role id


===Membership===
===Membership===
''Membership'' entity describes that a user belongs to a group. Note that memberships don't have own id's, but memberships are identified by the combinations of all their property values. Properties:
* GroupId (integer): parent (container) group id.
* MemberId (integer): child (member) user/group id.
* RoleName (string): Type of the membership. Supported types are '''Member''', '''HiddenMember''', '''Administrator'''.


Properties:
===Role===
- GroupId (integer): "parent" (container) group id
''Role'' entity describes a role in the system. Properties:
- MemberId (integer): "child" (member) user/group id
* Id (integer): role id.
- RoleName (enumerated string): membership role
* Name (string): role name.
Supported membership roles: Member, HiddenMember, Administrator.
* IsGlobal (boolean): ''true'' for global role, ''false'' for project-specific-only role. Note that a role can be both global and user-specific.
 
* IsProject (boolean): ''true'' for project-specific role, ''false'' for global-only role. Note that a role can be both global and user-specific.
Role:
- Id (integer): role id
- Name (string): role name
- IsGlobal (boolean): true is role is global, false otherwise
- IsProject (boolean): true if role is project-specific, false otherwise
Backend should ignore the following fields when updating existing role information:
- MaxModels (integer): maximum number of models
- MaxEvents (integer): maximum number of events
- MaxCaseAttributeTypes (integer): maximum number of case attribute types
- MaxEventAttributeTypes (integer): maximum number of event attribute types
- MaxTables (integer): maximum number of data tables
- MaxTableColumns (integer): maximum number of data table columns
- MaxTableRows (integer): maximum number of data table rows


User/group management API methods:
==Methods==
Notes:
* For all methods, both the request and response ''Content-Type'' header is ''application/json;charset=UTF-8''.
* In requests, there needs to be a header ''Authorization'' for authentication containing syntax ''Bearer <access token>''.


1. api/users GET - gets the list of users/groups
=== User and group entities ===
Supported query parameters (all optional):
<pre>
- isGroup (boolean): if false, only users are returned, if true, only groups are returned
GET api/users
- isActive (boolean): if false or omitted, all users/groups are returned, if true, only active users/groups are returned
</pre>
If no parameters are given, all existing users and groups are returned.
Gets a list of ''users/group'' entities. Can be an empty array if criteria specified by parameters is not matched. Supported query parameters:
Returns array of user/group objects (can be empty if criteria specified by parameters is not matched).
* ''isGroup'' (boolean): if ''false'', only users are returned; if true, only groups are returned. If omitted, both users and groups are returned.
* ''isActive'' (boolean): if ''false'' or omitted, all users/groups are returned; if ''true'', only active users/groups are returned.


2. api/users/{id} GET - gets information of the user/group with given id
<pre>
Returns the user/group object (can be null if not found).
GET api/users/{id}
</pre>
Gets information of the ''user/group'' with given ''id''. Returns the user/group object. Can return null if a user/group is not found.


3. api/users POST - creates a new user/group
<pre>
Takes the user/group object in the body (whose id is ignored if specified).
POST api/users
Returns id of the created user/group.
</pre>
Creates a new ''user/group''. Takes a user/group object in the body. Note that the ''id'' property is ignored if specified. Returns the id of the created user/group.


4. api/users PUT - updates an existing user/group
<pre>
Takes the user/group object in the body (whose isGroup is ignored if specified).
PUT api/users
</pre>
Updates an existing ''user/group''. Takes a user/group object in the body. Note that the ''isGroup'' property is ignored, because users cannot be changed to groups and vice versa.


5. api/users/roleassignments/{id} GET - gets the list of role assignments of the user/group with given id
=== Group memberships ===
Returns array of role assignment objects.
<pre>
GET api/users/memberships/{id}
</pre>
Gets a list of ''memberships'' of the user/group with given id. For a user, the method returns in which groups the user belongs to, and for a group the method returns users belonging to the group. Returns an array of membership objects, which can be empty if user/group is not a member of any group.


6. (later) api/projects/roleassignments/{id} GET - gets the list of role assignments of the project with given id
<pre>
Returns array of role assignment objects.
PUT api/users/memberships
</pre>
Adds a ''membership''. Takes a membership object in the body.


7. api/users/roleassignments PUT - adds a role assignment
<pre>
Takes the role assignment object in the body.
DELETE api/users/memberships
</pre>
Deletes a ''membership''. Takes a membership object in the body.


8. api/users/roleassignments DELETE - removes the role assignment
=== Roles assignments ===
Takes the role assignment object in the body.
<pre>
GET api/users/roleassignments/{id}
</pre>
Gets a list of ''role assignments'' of a user/group with the given id. Returns an array of role assignment objects.


9. api/users/memberships/{id} GET - gets the list of memberships of the user/group with given id
<pre>
Returns array of membership objects (can be empty if user/group is not member of any group).
PUT api/users/roleassignments
</pre>
Adds a ''role assignment''. Takes a role assignment object in the body.


10. api/users/memberships PUT - adds a membership
<pre>
Takes the membership object in the body.
DELETE api/users/roleassignments
</pre>
Deletes a ''role assignment''. Takes a role assignment object in the body.


11. api/users/memberships DELETE - removes the membership
<pre>
Takes the membership object in the body.
GET api/users/roles
</pre>
Gets a list of all roles in the system. Returns an array of ''role'' objects.


12. api/users/roles GET - gets the list of roles
[[Category: QPR ProcessAnalyzer]]
Returns array of all role objects.

Latest revision as of 19:30, 11 December 2021

This page describes Web API operations for managing users, groups, roles and permissions. See more information how roles and permissions work in QPR ProcessAnalyzer.

Entities

The user management API uses the following entities.

User/group

User/group entity describes both users and groups. Properties:

  • Id (integer): user/group id.
  • IsGroup (boolean): false for users, true for groups.
  • LoginName (string): user login name. Empty/ignored for groups.
  • FullName (string): user/group full name.
  • Email (string): user/group email address.
  • Password (string): user password. Used only when creating or updating users.
  • IsActive (boolean): flag whether user/group is active.
  • Description (string): user/group description.

Role assignment

Role assignment entity describes that a role is given to a certain user/group. Note that role assignments don't have own id's, but they are identified by the combinations of all their property values. Properties:

  • Id (integer): user/group id.
  • ProjectId (integer): project id used in project-specific role assignments. Not used for global permissions.
  • RoleId (integer): role id.

Membership

Membership entity describes that a user belongs to a group. Note that memberships don't have own id's, but memberships are identified by the combinations of all their property values. Properties:

  • GroupId (integer): parent (container) group id.
  • MemberId (integer): child (member) user/group id.
  • RoleName (string): Type of the membership. Supported types are Member, HiddenMember, Administrator.

Role

Role entity describes a role in the system. Properties:

  • Id (integer): role id.
  • Name (string): role name.
  • IsGlobal (boolean): true for global role, false for project-specific-only role. Note that a role can be both global and user-specific.
  • IsProject (boolean): true for project-specific role, false for global-only role. Note that a role can be both global and user-specific.

Methods

Notes:

  • For all methods, both the request and response Content-Type header is application/json;charset=UTF-8.
  • In requests, there needs to be a header Authorization for authentication containing syntax Bearer <access token>.

User and group entities

GET api/users

Gets a list of users/group entities. Can be an empty array if criteria specified by parameters is not matched. Supported query parameters:

  • isGroup (boolean): if false, only users are returned; if true, only groups are returned. If omitted, both users and groups are returned.
  • isActive (boolean): if false or omitted, all users/groups are returned; if true, only active users/groups are returned.
GET api/users/{id}

Gets information of the user/group with given id. Returns the user/group object. Can return null if a user/group is not found.

POST api/users

Creates a new user/group. Takes a user/group object in the body. Note that the id property is ignored if specified. Returns the id of the created user/group.

PUT api/users

Updates an existing user/group. Takes a user/group object in the body. Note that the isGroup property is ignored, because users cannot be changed to groups and vice versa.

Group memberships

GET api/users/memberships/{id}

Gets a list of memberships of the user/group with given id. For a user, the method returns in which groups the user belongs to, and for a group the method returns users belonging to the group. Returns an array of membership objects, which can be empty if user/group is not a member of any group.

PUT api/users/memberships

Adds a membership. Takes a membership object in the body.

DELETE api/users/memberships

Deletes a membership. Takes a membership object in the body.

Roles assignments

GET api/users/roleassignments/{id}

Gets a list of role assignments of a user/group with the given id. Returns an array of role assignment objects.

PUT api/users/roleassignments

Adds a role assignment. Takes a role assignment object in the body.

DELETE api/users/roleassignments

Deletes a role assignment. Takes a role assignment object in the body.

GET api/users/roles

Gets a list of all roles in the system. Returns an array of role objects.