POST /platforms/:platform/roles #43

Open
davidraker opened this issue Mar 7, 2022 · 1 comment

davidraker commented Mar 7, 2022

Create a new role on the specified platform.

The route to the new resource will be returned in the Location header of the response.

Note: Attempting to create a role with a role_name which already exists will return 409 Conflict with a Content-Location header pointing to the route of the conflicting record.

Request:

  • Authorization: BEARER <jwt_token>
  • Content Type: application/json
  • Body:
    {
        "role_name": "<role>",
        "capabilities": [
            "<capability>",
            "<capability>",
            ...
        ]
    }

Response:

  • With valid BEARER token on success: 201 Created
    • Location: /platforms/:platform/roles/:role
  • With valid BEARER token if role name already exists: 409 Conflict
    • Content Type: application/json
    • Content-Location: /vui/platforms/:platform/roles/:role_name
    • Body:
      {
          "error": "Unable to create role: :role_name, as this role name already exists."
      }
      
  • With valid BEARER token on other failure: 400 Bad Request
    • Content Type: application/json
    • Body:
      {
          "error": "<Error Message>"
      }
      
  • With invalid BEARER token: 401 Unauthorized
@davidraker

For this we need to use the auth service RPC method called "auth_file.set_roles".

Note that this method sets the ENTIRE roles dictionary, rather than appending to it. We can get the existing roles dictionary with the "auth_file.read" method, then modify and store it if appropriate (here is some pseudo-code where "role_name" is the name of the role we are adding -- we got that from the request body in the data variable.):

roles <--- _rpc('platform.auth', "auth_file.read")["roles"]

# Check that the role does not already exist, return error if it does.
if role_name in roles:
    return 409 Conflict response with a content-location header containing a route to the endpoint for the existing role entry.

# Add the role to the current roles dictionary and save it. Return a created response.
roles[role_name] <--- list of capabilities from the request body (in our data dictionary).
_rpc('platform.auth', "auth_file.set_roles", roles)
return 201 created with location header containing a route to the endpoint for the new role entry.
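
The read-modify-write from the comment above, as an added Python example (not part of the original comment and not VOLTTRON's own code). `create_role`, `FakeAuthRpc` and the input checks are assumptions; only the two RPC method names, the status codes and the routes come from this page. Because `auth_file.set_roles` replaces the whole dictionary, the read and the write are kept under one lock, which only protects writers inside the same process.

```python
import threading
from urllib.parse import quote

_roles_lock = threading.Lock()  # serializes read-modify-write within this process


class FakeAuthRpc:
    """Constructed in-memory stand-in for the auth service (hypothetical, for the example)."""

    def __init__(self, roles):
        self.auth_file = {"roles": dict(roles)}

    def __call__(self, peer, method, *args):
        if method == "auth_file.read":
            return {"roles": dict(self.auth_file["roles"])}
        if method == "auth_file.set_roles":
            self.auth_file["roles"] = dict(args[0])  # replaces the ENTIRE dictionary
            return None
        raise ValueError(f"unexpected RPC method: {method}")


def create_role(_rpc, platform, data):
    """Return (status, headers, body) for POST /platforms/:platform/roles."""
    role_name = data.get("role_name") if isinstance(data, dict) else None
    capabilities = data.get("capabilities") if isinstance(data, dict) else None
    if not isinstance(role_name, str) or not role_name.strip():
        return 400, {}, {"error": "role_name must be a non-empty string."}
    if not isinstance(capabilities, list) or not all(isinstance(c, str) for c in capabilities):
        return 400, {}, {"error": "capabilities must be a list of strings."}

    # Percent-encode path segments so a role name cannot alter the route.
    route = f"/platforms/{quote(platform, safe='')}/roles/{quote(role_name, safe='')}"
    with _roles_lock:
        roles = _rpc("platform.auth", "auth_file.read")["roles"]
        if role_name in roles:
            # Refuse rather than overwrite: the existing role keeps its capabilities.
            return 409, {"Content-Location": "/vui" + route}, {
                "error": f"Unable to create role: {role_name}, as this role name already exists."}
        roles[role_name] = capabilities
        _rpc("platform.auth", "auth_file.set_roles", roles)
    return 201, {"Location": route}, None
```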
