Are you an LLM? You can read better optimized documentation at /api/catalyst/resources/user-groups/user-group-permission-set-assignees.md for this page in Markdown format
Assigning for User Groups Permission Set
This technical design describes API for managing assignees for User Groups Permission Set.
Endpoints for managing Permission Set are described in separated document.
Implementation details can be found in external document: User Groups Permission Sets - Technical Design.
POST /api/user-groups/group_id/permission-sets/permission_set_id/assignees/users/
Endpoint to create UsersGroupAssignee model object. Batch operation - adds single or multiple users (members) as assignees to specific permission set.
Permissions
Perm to check: user_groups.edit_perm_sets (for individual Users Group).
URL parameters
| Key | Notes |
|---|---|
| group_id | Users Group ID |
| permission_set_id | Permission Set ID |
Request Schema
- Headers
Request Method: POST
Location: /api/user-groups/{group_id}/permission-sets/{permission_set_id}/assignees/users/
Authorization: JWT access_token- Body
json
[<int>]In body must be sent list of users ids to be assigned.
json
[<user_id>, <user_id>]⚠️ 1 Time Completion accounts cannot be assignee.
If some of users is already an assignee for given permission set, then request should be silently accepted without an error or a warning.
created_atandcreated_byfields are set automatically if relation does not exist.
Request example
json
[2734, 7231]Response example
| Key | Type | Notes |
|---|---|---|
| user | user | |
| created_at | datetime | |
| created_by | user |
- Status
201 CREATED - Body
json
[
{
"user": {
"id": 100,
"first_name": "John",
"last_name": "Smith",
"company_name": "Company1",
"username": "john.smith@mail.com",
"is_deleted": false
},
"created_at": "2021-07-05T06:49:30.688714Z",
"created_by": {
"id": 5,
"first_name": "Ann",
"last_name": "Jackson",
"company_name": "Company2",
"username": "ann.jackson@mail.com",
"is_deleted": false
}
},
{
"user": {
"id": 30078,
"first_name": "Jack",
"last_name": "Lee",
"company_name": "Company1",
"username": "lee.jack@mail.com",
"is_deleted": false,
"account_type": "full"
},
"created_at": "2021-07-05T06:49:30.688714Z",
"created_by": {
"id": 5,
"first_name": "Ann",
"last_name": "Jackson",
"company_name": "Company2",
"username": "ann.jackson@mail.com",
"is_deleted": false,
"account_type": "super_admin"
}
}
]Restriction
- Max
100users ids in one request - Max
100items of Users Group Assignees (per Users Group and Permission Set)
Errors
| Error | Response code | Message |
|---|---|---|
| Given empty list | 400 Bad Request | "detail": ["This list may not be empty."] |
| Given different type than list | 400 Bad Request | "detail": ["Expected a list of items but got type "{type}"."] |
| List contains item of wrong type | 400 Bad Request | "detail": ["Incorrect type. Expected pk value, received {type}."] |
| User does not exist for given ID in list | 400 Bad Request | "detail": ["Invalid pk "{user_id}" - object does not exist."] |
| Insufficient permissions to user | 400 Bad Request | "detail": ["You do not have permission to assign user "user_id" to User Group Permission Set "group_id"."] |
| Given ID is for 1 Time Completion account | 400 Bad Request | "detail": ["1 Time Completion account "{user_id}" cannot be assignee."] |
| Attempt to assign assignees to the everyone or members perm set | 400 Bad Request | "detail": ["Assignees can not be set to this permission set type."] |
| More than 100 items on a list | 400 Bad Request | "detail": ["Up to 100 items allowed."] |
| Limit of Assignees for Object Record and Permission Set exceeded. | 400 Bad Request | "detail": "Limit of 100 permission set assignees has been exceeded.", "error_code": "ERR_LIMIT_EXCEEDED" |
Wrong/not existing permission_set_id | 404 Not Found | |
Wrong/not existing group_id | 404 Not Found | |
| Insufficient permissions | 403 Forbidden | "detail": "You do not have permission to perform this action." |
OPTIONS /api/user-groups/group_id/permission-sets/permission_set_id/assignees/users/
Endpoint returns schema for POST and GET.
Permissions
Requires authentication only.
URL parameters
| Key | Notes |
|---|---|
| group_id | Users Group ID |
| permission_set_id | Permission Set ID |
Request schema
- Headers
Request Method: OPTIONS
Location: /api/user-groups/`group_id`/permission-sets/`permission_set_id`/assignees/users/Response example
- Status
200 OK - Body
json
{
"list": {
"columns": [
{
"alias": "id",
"type": "int",
"predicates": [],
"sort_ok": false
},
{
"alias": "user",
"type": "user",
"predicates": [],
"sort_ok": false
},
{
"alias": "created_at",
"type": "datetime",
"predicates": [],
"sort_ok": false
},
{
"alias": "created_by",
"type": "user",
"predicates": [],
"sort_ok": false
}
]
},
"batch": {
"type": "set",
"required": true,
"autocomplete": "/api/users/autocomplete/?account_type!=one_time_completion&text__icontains="
},
"restrictions": {
"limit_items": 100,
"limit_items_in_batch": 100
}
}GET /api/user-groups/group_id/permission-sets/permission_set_id/assignees/users/
Endpoint to receive list of UsersGroupAssignee model objects for defined Users Group and Permission Set.
Permissions
Perm to check: user_groups.view.
URL parameters
| Key | Notes |
|---|---|
| group_id | Users Group ID |
| permission_set_id | Permission Set ID |
Request schema
- Headers
Request Method: GET
Location: /api/user-groups/`group_id`/permission-sets/`permission_set_id`/assignees/users/
Authorization: JWT access_tokenResponse
| Key | Type | Notes |
|---|---|---|
| limit | int | |
| offset | int | |
| total_count | int | Total number of assignees for specific permission set related to specific object record. |
| filtered_count | int | Number of assignees if some filters are applied. |
| next | URL / null | Next page URL (null if there is no next page) |
| previous | URL / null | Previous page URL (null if there is no previous page) |
| results | Array | Described in the next table. |
Response results array
| Key | Type | Notes |
|---|---|---|
| user | user | |
| created_at | datetime | |
| created_by | user |
Response schema
- Status
200 OK - Body:
json
{
"limit": <int>,
"offset": <int>,
"filtered_count": <int>,
"total_count": <int>,
"next": <str|null>,
"previous": <str|null>,
"results": [
{
"user": <user>,
"created_at": <datetime>,
"created_by": <user>
}
]
}Response example
json
{
"limit": 100,
"offset": 0,
"filtered_count": 1,
"total_count": 1,
"next": null,
"previous": null,
"results": [
{
"user": {
"id": 11,
"first_name": "John",
"last_name": "Smith",
"company_name": "Company1",
"username": "john.smith@mail.com",
"is_deleted": false
},
"created_at": "2021-05-18T06:39:17.688341Z",
"created_by": {
"id": 5,
"first_name": "Ann",
"last_name": "Jackson",
"company_name": "Company1",
"username": "ann.jackson@mail.com",
"is_deleted": false
}
}
]
}Sorting
Not available. Results are not sorted - order returned by database.
Filtering
No filters.
Errors
| Error | Response code | Message |
|---|---|---|
Object Record for group_id not found. | 403 Forbidden | |
Permission set for permission_set_id not found (for given record_id). | 404 Not Found | |
| Insufficient permissions | 403 Forbidden | "detail": "You do not have permission to perform this action." |
DELETE /api/user-groups/group_id/permission-sets/permission_set_id/assignees/users/
Endpoint to remove UsersGroupAssignee model objects. Batch operation - removes users (assignees) from a permission set. User assigned to the permission set will be removed from assignees also if he is anonymized.
Permissions
Perm to check: user_groups.edit_perm_sets (for individual Users Group).
URL parameters
| Key | Notes |
|---|---|
| group_id | Users Group ID |
| permission_set_id | Permission Set ID |
Request schema
- Headers
Request Method: DELETE
Location: /api/user-groups/{group_id}/permission-sets/{permission_set_id}/assignees/users/
Authorization: JWT access_token- Body
In body must be sent list of Users Group Assignees users ids.
json
[<user_id>, <user_id>]Response example
- Status
204 No Content
Restrictions
- Max
100users ids in one request
Errors
| Error | Response code | Message |
|---|---|---|
| Given empty list | 400 Bad Request | "detail": ["This list may not be empty."] |
| Given different type than list | 400 Bad Request | "detail": ["Expected a list of items but got type "{type}"."] |
| List contains item of wrong type | 400 Bad Request | "detail": ["Incorrect type. Expected pk value, received {type}."] |
| Assignee does not exist for given ID in list | 400 Bad Request | "detail": ["Invalid pk "{assignee_id}" - object does not exist."] |
| More than 100 items on a list | 400 Bad Request | "detail": ["Up to 100 items allowed."] |
Wrong/not existing permission_set_id | 404 Not Found | |
Wrong/not existing group_id | 404 Not Found | |
| Insufficient permissions | 403 Forbidden | "detail": "You do not have permission to perform this action." |
Not allowed endpoints
GET /api/object-records/record_id/permission-sets/permission_set_id/assignees/users/id/
Response example
- Status
405 Method Not Allowed
PATCH /api/object-records/record_id/permission-sets/permission_set_id/assignees/users/id/
Response example
- Status
405 Method Not Allowed
PUT /api/object-records/record_id/permission-sets/permission_set_id/assignees/users/id/
Response example
- Status
405 Method Not Allowed
DELETE /api/object-records/record_id/permission-sets/permission_set_id/assignees/users/id/
Response example
- Status
405 Method Not Allowed
POST /api/user-groups/group_id/permission-sets/permission_set_id/assignees/user-groups/
Endpoint to create UsersGroupAssigneeUserGroups model object. Batch operation - adds single or multiple users_group (members) as assignees to specific permission set.
Permissions
Perm to check: user_groups.edit_perm_sets (for individual Users Group).
URL parameters
| Key | Notes |
|---|---|
| group_id | Users Group ID |
| permission_set_id | Permission Set ID |
Request Schema
- Headers
Request Method: POST
Location: /api/user-groups/{group_id}/permission-sets/{permission_set_id}/assignees/user-groups/
Authorization: JWT access_token- Body
json
[<int>]In body must be sent list of users ids to be assigned.
json
[<users_group_id>, <users_group_id>]If some of user_groups is already an assignee for given permission set, then request should be silently accepted without an error or a warning.
created_atandcreated_byfields are set automatically if relation does not exist.
Request example
json
[2734, 7231]Response example
| Key | Type | Notes |
|---|---|---|
| id | int | Users Group ID |
| name | str | Users Group Name |
| created_at | datetime | |
| created_by | user |
- Status
201 CREATED - Body
json
[
{
"id": 2734,
"name": "Group1",
"created_at": "2021-07-05T06:49:30.688714Z",
"created_by": {
"id": 5,
"first_name": "Ann",
"last_name": "Jackson",
"company_name": "Company2",
"username": "ann.jackson@mail.com",
"is_deleted": false
}
},
{
"id": 7231,
"name": "Group2",
"created_at": "2021-07-05T06:49:30.688714Z",
"created_by": {
"id": 5,
"first_name": "Ann",
"last_name": "Jackson",
"company_name": "Company2",
"username": "ann.jackson@mail.com",
"is_deleted": false,
"account_type": "super_admin"
}
}
]Restriction
- Max
10user_groups ids in one request - Max
10items of Users Group Assignees (per Users Group and Permission Set)
Errors
| Error | Response code | Message |
|---|---|---|
| Given empty list | 400 Bad Request | "detail": ["This list may not be empty."] |
| Given different type than list | 400 Bad Request | "detail": ["Expected a list of items but got type "{type}"."] |
| List contains item of wrong type | 400 Bad Request | "detail": ["Incorrect type. Expected pk value, received {type}."] |
| Users Group does not exist for given ID in list | 400 Bad Request | "detail": ["Invalid pk "{id}" - object does not exist."] |
| Request user does not have "user_groups.list" permission for some User Groups passed in the payload | 400 Bad Request | “detail”: ["You do not have permission to assign user group "{group_id}" to User Group Permission Set "{perm_set_id}"."] |
| Attempt to assign assignees to the everyone or members perm set | 400 Bad Request | "detail": ["Assignees can not be set to this permission set type."] |
| More than 10 items on a list | 400 Bad Request | "detail": ["Up to 10 items allowed."] |
| Limit of Assignees for Object Record and Permission Set exceeded. | 400 Bad Request | "detail": "Limit of 10 permission set assignees has been exceeded.", "error_code": "ERR_LIMIT_EXCEEDED" |
Wrong/not existing permission_set_id | 404 Not Found | |
Wrong/not existing group_id | 404 Not Found | |
| Insufficient permissions | 403 Forbidden | "detail": "You do not have permission to perform this action." |
OPTIONS /api/user-groups/group_id/permission-sets/permission_set_id/assignees/user-groups/
Endpoint returns schema for POST and GET.
Permissions
Requires authentication only.
URL parameters
| Key | Notes |
|---|---|
| group_id | Users Group ID |
| permission_set_id | Permission Set ID |
Request schema
- Headers
Request Method: OPTIONS
Location: /api/user-groups/`group_id`/permission-sets/`permission_set_id`/assignees/user-groups/Response example
- Status
200 OK - Body
json
{
"list": {
"columns": [
{
"alias": "id",
"type": "int",
"predicates": [],
"sort_ok": false
},
{
"alias": "name",
"type": "string",
"predicates": [],
"sort_ok": false
},
{
"alias": "created_by",
"type": "user",
"predicates": [],
"sort_ok": false
},
{
"alias": "created_at",
"type": "datetime",
"predicates": [],
"sort_ok": false
}
]
},
"batch": {
"type": "set",
"required": true,
"autocomplete": "/api/user-groups/autocomplete/?text__icontains="
},
"restrictions": {
"limit_items": 10,
"limit_items_in_batch": 10
}
}GET /api/user-groups/group_id/permission-sets/permission_set_id/assignees/user-groups/
Endpoint to receive list of UsersGroupAssigneeUserGroups model objects for defined Users Group and Permission Set.
Permissions
Perm to check: user_groups.view.
URL parameters
| Key | Notes |
|---|---|
| group_id | Users Group ID |
| permission_set_id | Permission Set ID |
Request schema
- Headers
Request Method: GET
Location: /api/user-groups/`group_id`/permission-sets/`permission_set_id`/assignees/user-groups/
Authorization: JWT access_tokenResponse
| Key | Type | Notes |
|---|---|---|
| limit | int | |
| offset | int | |
| total_count | int | Total number of assignees for specific permission set related to specific object record. |
| filtered_count | int | Number of assignees if some filters are applied. |
| next | URL / null | Next page URL (null if there is no next page) |
| previous | URL / null | Previous page URL (null if there is no previous page) |
| results | Array | Described in the next table. |
Response results array
| Key | Type | Notes |
|---|---|---|
| id | int | Users Group ID |
| name | str | Users Group Name |
| created_at | datetime | |
| created_by | user |
Response schema
- Status
200 OK - Body:
json
{
"limit": <int>,
"offset": <int>,
"filtered_count": <int>,
"total_count": <int>,
"next": <str|null>,
"previous": <str|null>,
"results": [
{
"id": <int>,
"name": <str>,
"created_at": <datetime>,
"created_by": <user>
}
]
}Response example
json
{
"limit": 100,
"offset": 0,
"filtered_count": 1,
"total_count": 1,
"next": null,
"previous": null,
"results": [
{
"id": 11,
"name": "Group1",
"created_at": "2021-05-18T06:39:17.688341Z",
"created_by": {
"id": 5,
"first_name": "Ann",
"last_name": "Jackson",
"company_name": "Company1",
"username": "ann.jackson@mail.com",
"is_deleted": false
}
}
]
}Sorting
Not available. Results are not sorted - order returned by database.
Filtering
No filters.
Errors
| Error | Response code | Message |
|---|---|---|
Object Record for group_id not found. | 403 Forbidden | |
Permission set for permission_set_id not found (for given record_id). | 404 Not Found | |
| Insufficient permissions | 403 Forbidden | "detail": "You do not have permission to perform this action." |
DELETE /api/user-groups/group_id/permission-sets/permission_set_id/assignees/user-groups/
Endpoint to remove UsersGroupAssigneeUserGroups model objects. Batch operation - removes user_groups (assignees) from a permission set.
Permissions
Perm to check: user_groups.edit_perm_sets (for individual Users Group).
URL parameters
| Key | Notes |
|---|---|
| group_id | Users Group ID |
| permission_set_id | Permission Set ID |
Request schema
- Headers
Request Method: DELETE
Location: /api/user-groups/{group_id}/permission-sets/{permission_set_id}/assignees/user-groups/
Authorization: JWT access_token- Body
In body must be sent list of Users Group Assignees users ids.
json
[<users_group_id>, <users_group_id>]Response example
- Status
204 No Content
Restrictions
- Max
10users ids in one request
Errors
| Error | Response code | Message |
|---|---|---|
| Given empty list | 400 Bad Request | "detail": ["This list may not be empty."] |
| Given different type than list | 400 Bad Request | "detail": ["Expected a list of items but got type "{type}"."] |
| List contains item of wrong type | 400 Bad Request | "detail": ["Incorrect type. Expected pk value, received {type}."] |
| Assignee does not exist for given ID in list | 400 Bad Request | "detail": ["Invalid pk "{assignee_id}" - object does not exist."] |
| More than 10 items on a list | 400 Bad Request | "detail": ["Up to 10 items allowed."] |
Wrong/not existing permission_set_id | 404 Not Found | |
Wrong/not existing group_id | 404 Not Found | |
| Insufficient permissions | 403 Forbidden | "detail": "You do not have permission to perform this action." |
Not allowed endpoints
GET /api/object-records/record_id/permission-sets/permission_set_id/assignees/user-groups/id/
Response example
- Status
405 Method Not Allowed
PATCH /api/object-records/record_id/permission-sets/permission_set_id/assignees/user-groups/id/
Response example
- Status
405 Method Not Allowed
PUT /api/object-records/record_id/permission-sets/permission_set_id/assignees/user-groups/id/
Response example
- Status
405 Method Not Allowed
DELETE /api/object-records/record_id/permission-sets/permission_set_id/assignees/user-groups/id/
Response example
- Status
405 Method Not Allowed