Object Classes Permission Sets
This document describes API endpoints for managing Object Class Permission Sets. Their setup is configurable at the Object Class level.
Permissions
| Permission | Manageable via Roles | Manageable via other ways | Description |
|---|---|---|---|
| object_class.view | true | view by Object Class permission sets | Allows access to the list |
| object_class.edit_perm_set | false | | |
Permissions for Object Class Permission Sets can be checked by:
| Context | Endpoint | Location | Available perms |
|---|---|---|---|
| Specific Object Class | GET /api/object-classes/{object_class_id}/ | _meta.permissions | view, edit_perm_set |
References
GET /api/object-classes/object_class_id/permission-sets/
Returns the list of Object Class Permission Sets for a specific Object Class.
Permissions
Requires authentication and object_class.view permission.
Request
- Headers
```
Content-Type: application/json
Authorization: JWT access_token
```
- Schema
GET /api/object-classes/`object_class_id`/permission-sets/
Response
| Key | Type | Notes |
|---|---|---|
| limit | int | |
| offset | int | |
| total_count | int | Total number of results visible to the user (based on permissions). |
| filtered_count | int | Number of results visible to the user (based on permissions) with filters applied. |
| next | url | Next page URL (null if there is no next page) |
| previous | url | Previous page URL (null if there is no previous page) |
| results | Array | List of results. Described in the next table. |
Response results array
| Key | Type | Notes |
|---|---|---|
| id | int | |
| name | string | |
| permissions | Object | Complex object containing enabled permissions for resources. |
| created_at | datetime | |
| created_by | user | |
| modified_at | datetime | |
| modified_by | user | |
- Successful status
200 OK
- Response body schema
```
{
  "limit": <int>,
  "offset": <int>,
  "filtered_count": <int>,
  "total_count": <int>,
  "next": <str>,
  "previous": <str>,
  "results": [
    {
      "id": <int>,
      "name": <str>,
      "permissions": {
        "object_classes": [<str>],
        "object_records": [<str>],
        "tasks": [<str>]
      },
      "created_at": <datetime>,
      "created_by": <user>,
      "modified_at": <datetime>,
      "modified_by": <user>
    }
  ]
}
```
Sorting
Not available. Results are sorted by {id} ascending.
Filtering
Not available.
Errors
| Error | Response code | Message |
|---|---|---|
| Object Class for {object_class_id} not found. | 404 Not Found | |
| Insufficient permissions | 403 Forbidden | "detail": "You do not have permission to perform this action." |
POST /api/object-classes/object_class_id/permission-sets/
Creates a single Object Class Permission Set.
Permissions
Requires authentication and object_class.edit_perm_set permission.
Request
- URL parameters
| Key | Notes |
|---|---|
| object_class_id | Object Class ID |
- Body parameters
| Key | Type | Notes |
|---|---|---|
| name | string | Unique (case insensitive) for the given Object Class. |
| permissions | Object | Optional. Complex object containing configuration for resources' permissions to be enabled. |
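Available resources for permissions:
- object_classes
- object_records
- tasks
The object_classes, object_records and tasks keys each contain a list of actions. By default, permissions are disabled if not given in the request body.
Valid actions for resources (as listed in the OPTIONS response for this endpoint):
| object_classes | object_records | tasks |
|---|---|---|
| list, view, edit, delete | view, edit, delete, create | view, edit, delete, create, complete, assign |
Sent permissions are converted according to the dependencies described in the technical doc.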
- Headers
```
Content-Type: application/json
Authorization: JWT access_token
```
- Schema
POST /api/object-classes/`object_class_id`/permission-sets/
```
{
  "name": <str>,
  "permissions": {
    "object_classes": [<str>],
    "object_records": [<str>],
    "tasks": [<str>]
  }
}
```
- Request example
```json
{
  "name": "PermSet",
  "permissions": {
    "object_classes": ["list", "view"],
    "object_records": ["edit"],
    "tasks": ["edit", "create"]
  }
}
```
Validations
- name
  - Max length: 100
  - Unique: for specific Object Class
- Maximum number of Object Class Permission Sets per specific Object Class: 10.
Response
| Key | Type | Notes |
|---|---|---|
| id | int | Automatically generated by the backend. |
| name | string | |
| permissions | Object | Complex object containing the saved permissions configuration. |
| created_at | datetime | |
| created_by | user | |
| modified_at | datetime | |
| modified_by | user | |
- Successful status
201 Created
- Response body schema
```
{
  "id": <int>,
  "name": <str>,
  "permissions": {
    "object_classes": [<str>],
    "object_records": [<str>],
    "tasks": [<str>]
  },
  "created_at": <datetime>,
  "created_by": <user>,
  "modified_at": <datetime>,
  "modified_by": <user>
}
```
Errors
| Error | Response code | Message |
|---|---|---|
| "name" is missing | 400 Bad Request | "name": [ "This field is required." ] |
| "name" is empty string | 400 Bad Request | "name": [ "This field may not be blank." ] |
| "name" is null | 400 Bad Request | "name": [ "This field may not be null." ] |
| "name" has > 100 chars | 400 Bad Request | "name": [ "Ensure this field has no more than 100 characters." ] |
| "name" is not unique for specific Object Class | 400 Bad Request | "name": [ "This field must be unique." ] |
| Given NULL for permissions | 400 Bad Request | "permissions": ["This field may not be null."] |
| Given wrong resource name for permissions | 400 Bad Request | "permissions": ["Invalid resource \"{given_wrong_resource_name}\"."] |
| Given NULL for resource in permissions | 400 Bad Request | "permissions": {"{resource_name}": ["This field may not be null."] } |
| Given wrong value for resource in permissions | 400 Bad Request | "permissions": {"{resource_name}": ["Invalid actions \"{given_wrong_value}\"."] } |
| Max 10 Permission Sets per class exceeded | 400 Bad Request | "detail": "Limit of 10 Object Class Permission Sets has been exceeded.", "error_code": "ERR_LIMIT_EXCEEDED" |
| Object Class with {object_class_id} does not exist | 404 Not Found | |
| Insufficient permissions | 403 Forbidden | "detail": "You do not have permission to perform this action." |
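The validations and 400 responses documented above can be checked client-side before a permission set is submitted, so a typo in a resource or action name is caught before it reaches the API. This is an added example, not the project's own code: `validate_permission_set`, `existing_names` and `existing_count` are hypothetical names, the valid actions are taken from the OPTIONS response on this page, and the order in which the server applies its checks is an assumption.

```python
# Added example; VALID_ACTIONS is copied from the OPTIONS response on this page.
VALID_ACTIONS = {
    "object_classes": {"list", "view", "edit", "delete"},
    "object_records": {"view", "edit", "delete", "create"},
    "tasks": {"view", "edit", "delete", "create", "complete", "assign"},
}
MAX_NAME_LENGTH = 100     # "max_length" validator in the OPTIONS response
MAX_SETS_PER_CLASS = 10   # "restrictions.limit_items" in the OPTIONS response


def validate_permission_set(body, existing_names=(), existing_count=0):
    """Return errors shaped like the documented 400 bodies; {} means valid."""
    # Assumes decoded JSON: "name" is a string or null, action lists hold strings.
    errors = {}
    name = body.get("name")
    if "name" not in body:
        errors["name"] = ["This field is required."]
    elif name is None:
        errors["name"] = ["This field may not be null."]
    elif name == "":
        errors["name"] = ["This field may not be blank."]
    elif len(name) > MAX_NAME_LENGTH:
        errors["name"] = ["Ensure this field has no more than 100 characters."]
    elif name.lower() in {n.lower() for n in existing_names}:
        errors["name"] = ["This field must be unique."]  # case-insensitive

    if "permissions" in body:
        perms = body["permissions"]
        if perms is None:
            errors["permissions"] = ["This field may not be null."]
        elif any(r not in VALID_ACTIONS for r in perms):
            wrong = next(r for r in perms if r not in VALID_ACTIONS)
            errors["permissions"] = ['Invalid resource "%s".' % wrong]
        else:
            detail = {}
            for resource, actions in perms.items():
                if actions is None:
                    detail[resource] = ["This field may not be null."]
                    continue
                bad = [a for a in actions if a not in VALID_ACTIONS[resource]]
                if bad:  # joining several bad values with ", " is an assumption
                    detail[resource] = ['Invalid actions "%s".' % ", ".join(bad)]
            if detail:
                errors["permissions"] = detail

    if existing_count >= MAX_SETS_PER_CLASS:
        errors["detail"] = "Limit of 10 Object Class Permission Sets has been exceeded."
        errors["error_code"] = "ERR_LIMIT_EXCEEDED"
    return errors
```

Passing the request example above returns `{}`; passing the names already returned by the GET endpoint as `existing_names` also catches a case-insensitive duplicate.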
PATCH /api/object-classes/object_class_id/permission-sets/id/
Updates a single Object Class Permission Set.
Permissions
Requires authentication and object_class.edit_perm_set permission.
Request
- URL parameters
| Key | Notes |
|---|---|
| object_class_id | Object Class ID |
| id | Object Class Permission Set ID |
- Body parameters
| Key | Type | Notes |
|---|---|---|
| name | string | Unique (case insensitive) for the given Object Class. Max length = 100 (configurable) |
| permissions | Object | Complex object containing configuration for resources' permissions to be enabled. |
Any parameters not listed above are silently ignored if passed.
Available resource keys for permissions:
- object_classes
- object_records
- tasks
The object_classes, object_records and tasks keys each contain a list of actions. All are optional. If a resource is omitted, its permissions will not be modified.
Valid actions for resources (as listed in the OPTIONS response for this endpoint):
| object_classes | object_records | tasks |
|---|---|---|
| list, view, edit, delete | view, edit, delete, create | view, edit, delete, create, complete, assign |
Sent permissions are converted according to the dependencies described in the technical doc.
⚠️ If fewer actions are sent than are currently set up, the actions not mentioned will be removed if they do not depend on other enabled actions.
For instance:
- Current actions: ["view", "edit"]
- Sent actions: ["view"]
- Result actions: ["view"]
- Headers
```
Content-Type: application/json
Authorization: JWT access_token
```
- Schema
PATCH /api/object-classes/`object_class_id`/permission-sets/`id`/
```
{
  "name": <str>,
  "permissions": {
    "object_classes": [<str>],
    "object_records": [<str>],
    "tasks": [<str>]
  }
}
```
- Request example
```json
{
  "name": "PermSet",
  "permissions": {
    "object_classes": ["list", "view"],
    "object_records": ["edit"],
    "tasks": ["edit", "create"]
  }
}
```
Response
| Key | Type | Notes |
|---|---|---|
| id | int | |
| name | string | |
| permissions | Object | |
| created_at | datetime | |
| created_by | user | |
| modified_at | datetime | |
| modified_by | user | |
- Successful status
200 OK
- Response body schema:
```
{
  "id": <int>,
  "name": <str>,
  "permissions": {
    "object_classes": [<str>],
    "object_records": [<str>],
    "tasks": [<str>]
  },
  "created_at": <datetime>,
  "created_by": <user>,
  "modified_at": <datetime>,
  "modified_by": <user>
}
```
Errors
| Error | Response code | Message |
|---|---|---|
| "name" is empty string | 400 Bad Request | "name": [ "This field may not be blank." ] |
| "name" is null | 400 Bad Request | "name": [ "This field may not be null." ] |
| "name" has > 100 chars | 400 Bad Request | "name": [ "Ensure this field has no more than 100 characters." ] |
| "name" is not unique for specific Object Class | 400 Bad Request | "name": [ "This field must be unique." ] |
| Given NULL for permissions | 400 Bad Request | "permissions": ["This field may not be null."] |
| Given wrong resource name for permissions | 400 Bad Request | "permissions": ["Invalid resource \"{given_wrong_resource_name}\"."] |
| Given NULL for resource in permissions | 400 Bad Request | "permissions": {"{resource_name}": ["This field may not be null."] } |
| Given wrong action value for resource in permissions | 400 Bad Request | "permissions": {"{resource_name}": ["Invalid actions \"{given_wrong_value}\"."] } |
| Object Class with {object_class_id} does not exist | 404 Not Found | |
| Object Class Permission Set with {id} does not exist | 404 Not Found | |
| Insufficient permissions | 403 Forbidden | "detail": "You do not have permission to perform this action." |
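Because a PATCH replaces the action list of every resource it mentions and leaves omitted resources alone, it is worth previewing which actions a request would grant or stop listing before sending it. The sketch below is an added example, not the project's own code: `preview_patch` and the sample data are hypothetical and constructed, and it does not model the server-side dependency conversion, so "dropped" entries are removal candidates only.

```python
RESOURCES = ("object_classes", "object_records", "tasks")

# Constructed sample: "permissions" of an existing set as returned by GET,
# and a PATCH body that omits object_classes entirely.
SAMPLE_CURRENT = {
    "object_classes": ["list", "view"],
    "object_records": ["view", "edit"],
    "tasks": ["view"],
}
SAMPLE_PATCH = {"permissions": {"object_records": ["view"], "tasks": ["view", "assign"]}}


def preview_patch(current, patch_body):
    """Per resource, list actions the PATCH would add or stop listing."""
    sent = patch_body.get("permissions", {})
    if sent is None:
        raise ValueError("This field may not be null.")
    unknown = sorted(set(sent) - set(RESOURCES))
    if unknown:
        raise ValueError('Invalid resource "%s".' % unknown[0])
    preview = {}
    for resource in RESOURCES:
        before = set(current.get(resource, []))
        if resource not in sent:
            # Omitted resource: its permissions are not modified.
            preview[resource] = {"touched": False, "added": [], "dropped": []}
            continue
        after = set(sent[resource])
        preview[resource] = {
            "touched": True,
            "added": sorted(after - before),    # newly granted actions
            "dropped": sorted(before - after),  # removal candidates
        }
    return preview
```

After the request, comparing the `permissions` object in the 200 response with this preview shows what the dependency conversion kept or added.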
DELETE /api/object-classes/object_class_id/permission-sets/id/
Deletes a single Object Class Permission Set.
Permissions
Requires authentication and object_class.edit_perm_set permission.
Request
- URL parameters
| Key | Notes |
|---|---|
| object_class_id | Object Class ID |
| id | Object Class Permission Set ID |
- Headers
```
Content-Type: application/json
Authorization: JWT access_token
```
- Schema
DELETE /api/object-classes/`object_class_id`/permission-sets/`id`/
Response
- Successful status
204 No Content
Errors
| Error | Response code | Message |
|---|---|---|
| Object Class with "{object_class_id}" does not exist | 404 Not Found | |
| Object Class Permission Set with "{id}" does not exist | 404 Not Found | |
| Insufficient permissions | 403 Forbidden | "detail": "You do not have permission to perform this action." |
OPTIONS /api/object-classes/object_class_id/permission-sets/
Permissions
Requires authentication only.
Request
- URL parameters
| Key | Notes |
|---|---|
| object_class_id | Object Class ID |
- Headers
```
Content-Type: application/json
Authorization: JWT access_token
```
- Schema
OPTIONS /api/object-classes/`object_class_id`/permission-sets/
Response
- Successful status
200 OK
- Response body:
```json
{
  "list": {
    "columns": [
      {
        "alias": "id",
        "type": "int",
        "predicates": [],
        "sort_ok": false
      },
      {
        "alias": "name",
        "type": "string",
        "predicates": [],
        "sort_ok": false
      },
      {
        "alias": "permissions",
        "type": "permissions",
        "predicates": [],
        "sort_ok": false
      },
      {
        "alias": "created_at",
        "type": "datetime",
        "predicates": [],
        "sort_ok": false
      },
      {
        "alias": "created_by",
        "type": "user",
        "predicates": [],
        "sort_ok": false
      },
      {
        "alias": "modified_at",
        "type": "datetime",
        "predicates": [],
        "sort_ok": false
      },
      {
        "alias": "modified_by",
        "type": "user",
        "predicates": [],
        "sort_ok": false
      }
    ]
  },
  "details": {
    "schema": [
      {
        "alias": "name",
        "type": "string",
        "required": true,
        "validators": [
          {
            "type": "min_length",
            "length": 1
          },
          {
            "type": "max_length",
            "length": 100
          }
        ]
      },
      {
        "alias": "permissions",
        "type": "permissions",
        "required": false,
        "schema": [
          {
            "resource": "object_classes",
            "actions": [
              "list",
              "view",
              "edit",
              "delete"
            ]
          },
          {
            "resource": "object_records",
            "actions": [
              "view",
              "edit",
              "delete",
              "create"
            ]
          },
          {
            "resource": "tasks",
            "actions": [
              "view",
              "edit",
              "delete",
              "create",
              "complete",
              "assign"
            ]
          }
        ]
      }
    ]
  },
  "restrictions": {
    "limit_items": 10
  }
}
```
Errors
| Error | Response code | Message |
|---|---|---|
| Object Class for object_class_id not found. | 404 Not Found | |
Not allowed endpoints
GET /api/object-classes/object_class_id/permission-sets/id/
Response
- Status
405 Method Not Allowed