Assigning Users for Object Records Permission Set
This technical design describes the API for managing user assignments for an Object Record Permission Set.
Endpoints for managing Permission Sets are described in a separate document.
Implementation details can be found in an external document: Object Record Permission Sets - Technical Design.
GET /api/object-records/record_id/permission-sets/permission_set_id/assignees/users/
Endpoint to retrieve the list of ObjectRecordAssignee model objects for the given Object Record and Permission Set.
Permissions
Perm to check: object_record.view (for individual Object Record). Permission can be checked for example by retrieving details from list of Object Classes (GET /api/object-records/): _meta.permissions
URL parameters
| Key | Notes |
|---|---|
| record_id | Object Record ID |
| permission_set_id | Permission Set ID |
Request schema
- Headers
Request Method: GET
Location: /api/object-records/{record_id}/permission-sets/{permission_set_id}/assignees/users/
Authorization: JWT access_token
Response
| Key | Type | Notes |
|---|---|---|
| limit | int | |
| offset | int | |
| total_count | int | Total number of assignees for specific permission set related to specific object record. |
| filtered_count | int | Number of assignees if some filters are applied. |
| next | URL / null | Next page URL (null if there is no next page) |
| previous | URL / null | Previous page URL (null if there is no previous page) |
| results | Array | Described in the next table. |
Response results array
| Key | Type | Notes |
|---|---|---|
| id | int | |
| user | user | |
| created_at | datetime | |
| created_by | user | |
Response schema
- Status
200 OK
- Body
{
"limit": <int>,
"offset": <int>,
"filtered_count": <int>,
"total_count": <int>,
"next": <str|null>,
"previous": <str|null>,
"results": [
{
"id": <int>,
"user": <user>,
"created_at": <datetime>,
"created_by": <user>
}
]
}
Response example
{
"limit": 100,
"offset": 0,
"filtered_count": 1,
"total_count": 1,
"next": null,
"previous": null,
"results": [
{
"id": 6,
"user": {
"id": 11,
"first_name": "John",
"last_name": "Smith",
"company_name": "Company1",
"username": "john.smith@mail.com",
"is_deleted": false
},
"created_at": "2021-05-18T06:39:17.688341Z",
"created_by": {
"id": 5,
"first_name": "Ann",
"last_name": "Jackson",
"company_name": "Company1",
"username": "ann.jackson@mail.com",
"is_deleted": false
}
}
]
}
Sorting
Not available. Results are not sorted; they are returned in database order.
Filtering
No filters.
Errors
| Error | Response code | Message |
|---|---|---|
| Object Record for record_id not found. | 403 Forbidden | |
| Permission set for permission_set_id not found (for given record_id). | 404 Not Found | |
| Insufficient permissions | 403 Forbidden | "detail": "You do not have permission to perform this action." |
POST /api/object-records/record_id/permission-sets/permission_set_id/assignees/users/
Endpoint to create ObjectRecordPermissionSet model object. Batch operation - adds single or multiple users (members) as assignees to specific permission set.
Permissions
Perm to check: object_records.edit_owners (for individual Object Class). Permission can be checked for example by retrieving details of Object Classes (GET /api/object-classes/): _meta.permissions
URL parameters
| Key | Notes |
|---|---|
| record_id | Object Record ID |
| permission_set_id | Permission Set ID |
Request Schema
- Headers
Request Method: POST
Location: /api/object-records/{record_id}/permission-sets/{permission_set_id}/assignees/users/
Authorization: JWT access_token
- Body
[<int>]
The body must contain a list of user IDs to be assigned.
[<user_id>, <user_id>]
⚠️ 1 Time Completion accounts cannot be assignees.
If any of the users is already an assignee for the given permission set, the request should be silently accepted without an error or a warning.
The created_at and created_by fields are set automatically if the relation does not exist.
Request example
[2734, 7231]
Response example
| Key | Type | Notes |
|---|---|---|
| id | int | Automatically generated by the backend. |
| user | user | |
| created_at | datetime | |
| created_by | user | |
- Status
201 CREATED
- Body
[
{
"id": 987,
"user": {
"id": 100,
"first_name": "John",
"last_name": "Smith",
"company_name": "Company1",
"username": "john.smith@mail.com",
"is_deleted": false
},
"created_at": "2021-07-05T06:49:30.688714Z",
"created_by": {
"id": 5,
"first_name": "Ann",
"last_name": "Jackson",
"company_name": "Company2",
"username": "ann.jackson@mail.com",
"is_deleted": false
}
},
{
"id": 988,
"user": {
"id": 30078,
"first_name": "Jack",
"last_name": "Lee",
"company_name": "Company1",
"username": "lee.jack@mail.com",
"is_deleted": false,
"account_type": "full"
},
"created_at": "2021-07-05T06:49:30.688714Z",
"created_by": {
"id": 5,
"first_name": "Ann",
"last_name": "Jackson",
"company_name": "Company2",
"username": "ann.jackson@mail.com",
"is_deleted": false,
"account_type": "super_admin"
}
}
]
Restrictions
- Max 100 user IDs in one request
- Max 100 items of Object Record Assignees (per Object Record and Permission Set)
Errors
| Error | Response code | Message |
|---|---|---|
| Given empty list | 400 Bad Request | "detail": ["This list may not be empty."] |
| Given different type than list | 400 Bad Request | "detail": ["Expected a list of items but got type "{type}"."] |
| List contains item of wrong type | 400 Bad Request | "detail": ["Incorrect type. Expected pk value, received {type}."] |
| User does not exist for given ID in list | 400 Bad Request | "detail": ["Invalid pk "{user_id}" - object does not exist."] |
| Given ID is for 1 Time Completion account | 400 Bad Request | "detail": ["1 Time Completion account "{user_id}" cannot be assignee."] |
| More than 100 items on a list | 400 Bad Request | "detail": ["Up to 100 items allowed."] |
| Limit of Assignees for Object Record and Permission Set exceeded. | 400 Bad Request | "detail": "Limit of 100 Permission Set Assignees has been exceeded.", "error_code": "ERR_LIMIT_EXCEEDED" |
| Wrong/not existing permission_set_id | 404 Not Found | |
| Wrong/not existing record_id | 403 Forbidden | |
| Insufficient permissions | 403 Forbidden | "detail": "You do not have permission to perform this action." |
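The validation rules from the POST Errors table above, sketched as a server-side check. This is an added example, not the project's code: the function name, the `users` lookup, the order of checks, and counting only newly created rows against the assignee limit are assumptions.

```python
# Added illustration; names, check order and data model are assumptions.
MAX_BATCH = 100       # "Up to 100 items allowed."
MAX_ASSIGNEES = 100   # limit per Object Record and Permission Set


class BadRequest(Exception):
    """Maps to 400 Bad Request; payload mirrors the documented messages."""
    def __init__(self, detail, error_code=None):
        super().__init__(detail)
        self.detail, self.error_code = detail, error_code


def validate_assign_batch(body, users, current_assignees):
    """Return the user IDs that still need an assignee row.

    body: decoded JSON request body.
    users: {user_id: account_type}, a constructed stand-in for the user table.
    current_assignees: set of user IDs already assigned to this permission set.
    """
    if not isinstance(body, list):
        raise BadRequest([f'Expected a list of items but got type "{type(body).__name__}".'])
    if not body:
        raise BadRequest(["This list may not be empty."])
    if len(body) > MAX_BATCH:
        raise BadRequest([f"Up to {MAX_BATCH} items allowed."])
    for item in body:
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(item, bool) or not isinstance(item, int):
            raise BadRequest([f"Incorrect type. Expected pk value, received {type(item).__name__}."])
        if item not in users:
            raise BadRequest([f'Invalid pk "{item}" - object does not exist.'])
        if users[item] == "one_time_completion":
            raise BadRequest([f'1 Time Completion account "{item}" cannot be assignee.'])
    # Already-assigned users are accepted silently; duplicates in the batch collapse.
    to_create = [u for u in dict.fromkeys(body) if u not in current_assignees]
    if len(current_assignees) + len(to_create) > MAX_ASSIGNEES:
        raise BadRequest("Limit of 100 Permission Set Assignees has been exceeded.",
                         error_code="ERR_LIMIT_EXCEEDED")
    return to_create


if __name__ == "__main__":
    sample_users = {2734: "full", 7231: "full"}  # constructed sample data
    print(validate_assign_batch([2734, 7231], sample_users, {2734}))
```

Rejecting the whole batch on the first invalid item keeps the operation all-or-nothing, so a partially applied permission grant never needs to be rolled back.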
OPTIONS /api/object-records/record_id/permission-sets/permission_set_id/assignees/users/
Endpoint returns schema for POST and GET.
Permissions
Requires authentication only.
URL parameters
| Key | Notes |
|---|---|
| record_id | Object Record ID |
| permission_set_id | Permission Set ID |
Request schema
- Headers
Request Method: OPTIONS
Location: /api/object-records/{record_id}/permission-sets/{permission_set_id}/assignees/users/
Response example
- Status
200 OK
- Body
{
"list": {
"columns": [
{
"alias": "id",
"type": "int",
"predicates": [],
"sort_ok": false
},
{
"alias": "user",
"type": "user",
"predicates": [],
"sort_ok": false
},
{
"alias": "created_at",
"type": "datetime",
"predicates": [],
"sort_ok": false
},
{
"alias": "created_by",
"type": "user",
"predicates": [],
"sort_ok": false
}
]
},
"batch": {
"type": "set",
"required": true,
"autocomplete": "/api/users/autocomplete/?account_type!=one_time_completion&text__icontains="
},
"restrictions": {
"limit_items": 100,
"limit_items_in_batch": 100
}
}
Errors
| Error | Response code | Message |
|---|---|---|
| Wrong/not existing record_id or permission_set_id | 404 Not Found | |
DELETE /api/object-records/record_id/permission-sets/permission_set_id/assignees/users/
Batch operation - removes users (assignees) from a permission set.
Permissions
Perm to check: object_records.edit_owners (for individual Object Class). Permission can be checked for example by retrieving details from list of Object Classes (GET /api/object-classes/): _meta.permissions.
URL parameters
| Key | Notes |
|---|---|
| record_id | Object Record ID |
| permission_set_id | Permission Set ID |
Request schema
- Headers
Request Method: DELETE
Location: /api/object-records/{record_id}/permission-sets/{permission_set_id}/assignees/users/
Authorization: JWT access_token
- Body
The body must contain a list of Object Record User Assignee IDs.
[<user_id>, <user_id>]
Response example
- Status
204 No Content
Restrictions
- Max 100 user IDs in one request
Errors
| Error | Response code | Message |
|---|---|---|
| Given empty list | 400 Bad Request | "detail": ["This list may not be empty."] |
| Given different type than list | 400 Bad Request | "detail": ["Expected a list of items but got type "{type}"."] |
| List contains item of wrong type | 400 Bad Request | "detail": ["Incorrect type. Expected pk value, received {type}."] |
| Assignee does not exist for given ID in list | 400 Bad Request | "detail": ["Invalid pk "{assignee_id}" - object does not exist."] |
| More than 100 items on a list | 400 Bad Request | "detail": ["Up to 100 items allowed."] |
| Wrong/not existing permission_set_id | 404 Not Found | |
| Wrong/not existing record_id | 403 Forbidden | |
| Insufficient permissions | 403 Forbidden | "detail": "You do not have permission to perform this action." |
Not allowed endpoints
GET /api/object-records/record_id/permission-sets/permission_set_id/assignees/users/id/
Response example
- Status
405 Method Not Allowed
PATCH /api/object-records/record_id/permission-sets/permission_set_id/assignees/users/id/
Response example
- Status
405 Method Not Allowed
PUT /api/object-records/record_id/permission-sets/permission_set_id/assignees/users/id/
Response example
- Status
405 Method Not Allowed
DELETE /api/object-records/record_id/permission-sets/permission_set_id/assignees/users/id/
Response example
- Status
405 Method Not Allowed
OPTIONS /api/object-records/record_id/permission-sets/permission_set_id/assignees/users/id/
Response example
- Status
405 Method Not Allowed