Permissions
Permissions define what actions can be performed on a resource. Each permission has a unique name and represents a specific action on the related resource. Each resource contains a list of policies that define the permissions of members and groups. On every action, the API checks the member's policies and the policies of every group the user is a member of. It checks the policies inside the resource and, for Group and Poll resources, the policies of the parent resource as well. The API then calculates the maximum permission of the user from all the policies it found and performs the action if the user has the required permission. Otherwise, the API returns an error.
Inside the policy, permissions are represented as integers. An integer can be converted to a binary number, in which each bit represents a specific permission. For example, if the permission is 10, the binary number is `0b1010`, which means that the resource has permissions `0b1000` and `0b0010`. This system allows for efficient use of space as well as fast calculation of permissions. Using bitwise operators, the system can quickly check whether a user has a required permission.
There are currently 3 types/classes of permissions: Workspace Permissions, Group Permissions, and Poll Permissions.
=== "Workspace Permissions"
**`get_workspace`** - Get workspace information
**`update_workspace`** - Update workspace information (name, description)
**`delete_workspace`** - Delete workspace
**`get_members`** - Get list of members in the workspace
**`add_members`** - Add members to the workspace
**`remove_members`** - Remove members from the workspace
**`get_groups`** - Get list of groups in the workspace
**`add_groups`** - Add groups to the workspace
**`update_groups`** - Update groups in the workspace
**`delete_groups`** - Delete groups from the workspace
**`get_policies`** - Get list of policies in the workspace
**`add_policies`** - Add policies to the workspace
**`update_policies`** - Update policies in the workspace
**`delete_policies`** - Delete policies from the workspace
**`get_polls`** - Get list of polls in the workspace
**`create_polls`** - Create polls in the workspace
**`delete_polls`** - Delete polls from the workspace
=== "Group Permissions"
**`get_group`** - Get group information
**`update_group`** - Update group information
**`delete_group`** - Delete group
**`get_members`** - Get list of members in the group
**`add_members`** - Add members to the group
**`remove_members`** - Remove members from the group
**`get_policies`** - Get list of policies in the group
**`add_policies`** - Add policies to the group
**`update_policies`** - Update policies in the group (set permissions)
**`delete_policies`** - Delete policies from the group
=== "Poll Permissions"
**`get_poll`** - Get poll information
**`get_questions`** - Get questions in the poll
**`update_poll`** - Update poll (name, description, questions)
**`delete_poll`** - Delete poll
**`get_policies`** - Get list of policies in the poll
**`add_policies`** - Add policies to the poll
**`update_policies`** - Update policies in the poll (set permissions)
**`delete_policies`** - Delete policies from the poll
The user can request the list of all available permissions for a specific type of resource.
For example, to get the list of available permissions for Workspace, the client can send a GET request to `https://<api-url>/workspaces/permissions`
Note: The user must be authenticated to make this request.
To update policies, the request body accepts permissions as a list of strings. The API converts the list of strings to the appropriate integer and stores it in the database. When the API returns a list of policies, it converts the integer back to a list of strings.
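
The bitmask encoding and the string-to-integer conversion described above can be sketched as follows. This is an added example, not the project's own code: the bit position of each Poll permission, the `(holder_id, permissions)` policy tuples, the function names, and combining policies with bitwise OR are all assumptions, and the parent-resource lookup is left out.

```python
from enum import IntFlag


class PollPermissions(IntFlag):
    # Assumed bit positions: the page names these permissions but not their bits.
    get_poll = 1 << 0
    get_questions = 1 << 1
    update_poll = 1 << 2
    delete_poll = 1 << 3
    get_policies = 1 << 4
    add_policies = 1 << 5
    update_policies = 1 << 6
    delete_policies = 1 << 7


ALL_BITS = sum(p.value for p in PollPermissions)  # every defined bit set


def encode(names):
    """List of permission names (request body) -> integer stored in the policy."""
    mask = 0
    for name in names:
        if name not in PollPermissions.__members__:
            # Reject unknown names instead of silently dropping them.
            raise ValueError(f"unknown permission: {name!r}")
        mask |= PollPermissions[name].value
    return mask


def decode(mask):
    """Stored integer -> list of permission names (response body)."""
    if mask < 0 or mask & ~ALL_BITS:
        raise ValueError(f"undefined permission bits in {mask:#b}")
    return [p.name for p in PollPermissions if mask & p.value]


def effective(member_id, group_ids, policies):
    """OR every policy held by the member or by one of the member's groups."""
    mask = 0
    for holder_id, permissions in policies:  # hypothetical policy shape
        if holder_id == member_id or holder_id in group_ids:
            mask |= permissions
    return mask


def is_allowed(mask, required):
    """True only if every bit of the required permission is set."""
    return (mask & required.value) == required.value
```

Rejecting unknown names in `encode` and undefined bits in `decode` keeps a malformed policy from being stored or silently reinterpreted if the permission list later grows.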