Roles and Rights

An admin user can create roles. A role defines which parts of the system a user can access.

When a role is assigned to a user, the rights it grants are visible in the /me request.

Get all rights groups

GET /rights-groups

Every right belongs to a group and may have dependencies on other rights.
A right that has dependencies can only be enabled if all of its dependencies are enabled as well.
A right that has user_types only works for the listed user types.

Response
Status code 200

{
  "data": [
    {
      "name": "basic",
      "rights": [
        {
          "name": "additional_data",
          "assignable": true,
          "default": false,
          "dependencies": [
            "contacts"
          ],
          "group": "additional_data"
        },
        {
          "name": "cases",
          "assignable": true,
          "default": false,
          "dependencies": [
            "contacts",
            "email_inbox",
            "tasks.create"
          ],
          "group": "cases"
        }
      ]
    },
    {
      "name": "user_management",
      "rights": [
        {
          "name": "user_management.delete",
          "assignable": true,
          "default": false,
          "user_types": [
            "admin"
          ]
        },
        {
          "name": "user_management.invite",
          "assignable": true,
          "default": false,
          "user_types": [
            "admin",
            "team_admin"
          ]
        }
      ]
    }
  ]
}

Get all roles

GET /roles

Query string parameters

Response
Status code 200

{
  "data": [
    {
      "id": 1,
      "name": "Test role",
      "created_at": "2015-06-04 05:50:10",
      "updated_at": "2015-06-04 05:50:10"
    }
  ],
  "pagination": {
    "total": 12,
    "page": 1,
    "per_page": 15,
    "urls": {
      "previous": null,
      "next": null
    }
  }
}

Get a role

GET /roles/:role_id

The rights field is an array of strings naming the rights the role grants.
A right that is not present in the array is not granted by the role.

Response
Status code 200

{
  "id": 2,
  "name": "Can only access contacts",
  "rights": [
    "cases",
    "cases.create",
    "contacts"
  ],
  "created_at": "2015-06-04 05:50:10",
  "updated_at": "2015-06-04 05:50:10"
}

Create a role

POST /roles

Parameters

  • name string
    • Required
    • Must be unique.
  • rights array - List of right names.

Payload

{
  "name": "Some role",
  "rights": [
    "cases",
    "cases.create",
    "contacts"
  ]
}

Response
Status code 201

{
  "id": 13,
  "name": "Some role",
  "rights": [
    "cases",
    "cases.create",
    "contacts"
  ],
  "created_at": "2015-06-04 06:44:10",
  "updated_at": "2015-06-04 06:44:10"
}
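The dependency and user_types rules described under "Get all rights groups", together with the name and rights parameters above, can be checked client-side before sending a POST or PUT to /roles, so a request that the API would reject (or that would silently grant a right that does not work for the target user type) is caught first. The following Python is an added example, not code from this API or its vendor. The catalogue is constructed in the shape of the /rights-groups response; the rights contacts, email_inbox, tasks, tasks.create, cases.create and the non-assignable legacy_export are assumptions added so that the dependencies shown on the page resolve, and user_type is assumed to be the type of the user the role is meant for.

```python
from __future__ import annotations

from typing import Iterable

# Constructed catalogue in the shape of the GET /rights-groups response; the rights
# beyond additional_data, cases and the two user_management rights are assumptions.
RIGHTS_GROUPS = {
    "data": [
        {"name": "basic", "rights": [
            {"name": "additional_data", "assignable": True, "default": False,
             "dependencies": ["contacts"], "group": "additional_data"},
            {"name": "cases", "assignable": True, "default": False,
             "dependencies": ["contacts", "email_inbox", "tasks.create"], "group": "cases"},
            {"name": "cases.create", "assignable": True, "default": False,
             "dependencies": ["cases"], "group": "cases"},
            {"name": "contacts", "assignable": True, "default": True, "dependencies": []},
            {"name": "email_inbox", "assignable": True, "default": False, "dependencies": []},
            {"name": "tasks", "assignable": True, "default": False, "dependencies": []},
            {"name": "tasks.create", "assignable": True, "default": False,
             "dependencies": ["tasks"]},
            {"name": "legacy_export", "assignable": False, "default": False,
             "dependencies": []},
        ]},
        {"name": "user_management", "rights": [
            {"name": "user_management.delete", "assignable": True, "default": False,
             "user_types": ["admin"]},
            {"name": "user_management.invite", "assignable": True, "default": False,
             "user_types": ["admin", "team_admin"]},
        ]},
    ]
}


def index_rights(rights_groups: dict) -> dict[str, dict]:
    """Flatten the groups response into {right_name: right definition}."""
    return {r["name"]: r for g in rights_groups["data"] for r in g["rights"]}


def required_rights(name: str, catalogue: dict[str, dict]) -> set[str]:
    """Transitive closure of a right's dependencies, excluding the right itself.
    The visited set also guards against a cyclic (malformed) catalogue."""
    needed: set[str] = set()
    stack = list(catalogue[name].get("dependencies", []))
    while stack:
        dep = stack.pop()
        if dep in needed:
            continue
        needed.add(dep)
        stack.extend(catalogue.get(dep, {}).get("dependencies", []))
    return needed


def with_dependencies(names: Iterable[str], catalogue: dict[str, dict]) -> list[str]:
    """Expand the wanted rights into the smallest set that satisfies every dependency."""
    wanted = set(names)
    for name in list(wanted):
        if name in catalogue:
            wanted |= required_rights(name, catalogue)
    return sorted(wanted)


def validate_rights(requested: Iterable[str], catalogue: dict[str, dict],
                    user_type: str | None = None) -> list[str]:
    """Return a list of problems (empty means the set is consistent): each right
    exists, is assignable, has all direct dependencies in the set, and, when
    user_type is given, is not restricted to other user types."""
    requested = set(requested)
    problems: list[str] = []
    for name in sorted(requested):
        right = catalogue.get(name)
        if right is None:
            problems.append(f"{name}: unknown right")
            continue
        if not right.get("assignable", False):
            problems.append(f"{name}: not assignable")
        for dep in right.get("dependencies", []):
            if dep not in requested:
                problems.append(f"{name}: requires {dep}")
        allowed = right.get("user_types")
        if allowed is not None and user_type is not None and user_type not in allowed:
            problems.append(f"{name}: only for user types {', '.join(allowed)}")
    return problems


def validate_role_payload(payload: dict, catalogue: dict[str, dict],
                          existing_names: Iterable[str],
                          user_type: str | None = None) -> list[str]:
    """Pre-flight a POST/PUT /roles body: name required and unique, rights well-formed."""
    problems: list[str] = []
    name = payload.get("name")
    if not isinstance(name, str) or not name.strip():
        problems.append("name: required")
    elif name in set(existing_names):
        problems.append("name: must be unique")
    rights = payload.get("rights", [])
    if not isinstance(rights, list) or not all(isinstance(r, str) for r in rights):
        problems.append("rights: must be a list of right names")
    else:
        problems.extend(validate_rights(rights, catalogue, user_type))
    return problems


if __name__ == "__main__":
    cat = index_rights(RIGHTS_GROUPS)
    body = {"name": "Case workers", "rights": with_dependencies(["cases.create"], cat)}
    print(body["rights"], validate_role_payload(body, cat, existing_names={"Test role"}))
```

Checking direct dependencies for every right in the set is equivalent to checking the transitive closure, because each dependency is itself in the set and gets the same check; with_dependencies is the constructive counterpart that builds a set which passes by construction.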

Update a role

PUT /roles/:role_id

Parameters

  • name string
    • Required
    • Must be unique.
  • rights array - List of right names.

Payload

{
  "name": "Some role",
  "rights": [
    "cases",
    "cases.create",
    "contacts"
  ]
}

Response
Status code 200

{
  "id": 13,
  "name": "Some updated role",
  "rights": [
    "cases",
    "cases.create",
    "contacts"
  ],
  "created_at": "2015-06-04 06:44:10",
  "updated_at": "2015-06-04 06:46:20"
}

Delete a role

DELETE /roles/:role_id

Response
Status code 204

Get delete role impact

GET /roles/:role_id/delete-impact

Returns the number of users in the company who would be affected by deleting the role.

Response
Status code 200

{
  "blocked_by": [],
  "deletes": [],
  "affects": [
    {
      "type": "users",
      "amount": 3
    }
  ]
}
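Because deleting a role silently removes access from every user it is assigned to, a client should call the delete-impact endpoint first and only issue the DELETE when nothing blocks it and any affected users have been acknowledged. The following Python is an added example of that gating, not code from this API or its vendor. The impact responses are constructed in the shape shown above; the page shows blocked_by and deletes only as empty arrays, so their item shape is not documented and the example treats them as opaque (a placeholder string stands in for a blocking item). The fetch_impact and delete callables are injected so the flow can be exercised offline; delete is assumed to return the HTTP status code.

```python
from __future__ import annotations

from typing import Callable

# Constructed responses in the shape of GET /roles/:role_id/delete-impact.
IMPACT_SAFE = {"blocked_by": [], "deletes": [], "affects": []}
IMPACT_AFFECTS_USERS = {"blocked_by": [], "deletes": [],
                        "affects": [{"type": "users", "amount": 3}]}
# The shape of a blocked_by item is not documented on the page; a placeholder is used.
IMPACT_BLOCKED = {"blocked_by": ["PLACEHOLDER_BLOCKING_ITEM"], "deletes": [], "affects": []}


def assess_delete_impact(impact: dict) -> tuple[str, str]:
    """Classify a delete-impact response as 'blocked', 'confirm' or 'safe'.
    'confirm' means the deletion cascades or changes someone's access and should
    pass through an explicit confirmation; 'blocked' means do not attempt it."""
    if impact.get("blocked_by"):
        return "blocked", f"{len(impact['blocked_by'])} blocking item(s)"
    affected = {item["type"]: item.get("amount", 0) for item in impact.get("affects", [])}
    cascades = len(impact.get("deletes") or [])
    if cascades or any(affected.values()):
        detail = ", ".join(f"{n} {t}" for t, n in sorted(affected.items()) if n)
        if cascades:
            detail = f"{cascades} cascading deletion(s)" + (f", {detail}" if detail else "")
        return "confirm", detail
    return "safe", "no users or records affected"


def delete_role_guarded(role_id: int, fetch_impact: Callable[[int], dict],
                        delete: Callable[[int], int],
                        confirmed: bool = False) -> tuple[bool, str]:
    """Issue DELETE /roles/:role_id only when the impact check allows it.
    Returns (deleted, message); delete is expected to return 204 on success."""
    decision, detail = assess_delete_impact(fetch_impact(role_id))
    if decision == "blocked":
        return False, f"role {role_id} not deleted: {detail}"
    if decision == "confirm" and not confirmed:
        return False, f"role {role_id} needs confirmation: {detail}"
    status = delete(role_id)
    return status == 204, f"role {role_id} delete returned {status}"


if __name__ == "__main__":
    print(delete_role_guarded(2, lambda _rid: IMPACT_AFFECTS_USERS, lambda _rid: 204))
    print(delete_role_guarded(2, lambda _rid: IMPACT_AFFECTS_USERS, lambda _rid: 204, confirmed=True))
```

The confirmation flag is passed in by the caller rather than prompted for inside the function, so the same gate works in an interactive tool (where a human answers) and in automation (where the flag comes from an approved change record).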
