foliolib.folio.api.rolesKeycloak.Roleskeycloak

class foliolib.folio.api.rolesKeycloak.Roleskeycloak(tenant: str)

Bases: foliolib.folio.FolioApi

Mod Roles Keycloak API

Base class of the Folio API

Parameters

tenant (str) – Tenant id

Methods

assignrolestouser(userRolesRequest)

Create a record associating role with user

createcapabilityset(capabilitySet)

Create a capability set

createcapabilitysets(capabilitySets)

Create one or more capability sets

createpolicies(policiesRequest)

Create one or more policies

createpolicy(policy)

Create a policy

createrole(role)

Create a role

createrolecapabilities(roleCapabilitiesRequest)

Create a record associating one or more capabilities with the role

createrolecapabilitysets(...)

Create a record associating one or more capabilities with the role

createroles(rolesRequest)

Create one or more roles

createusercapabilities(userCapabilitiesRequest)

Create a record associating one or more capabilities with a user.

createusercapabilitysets(...)

Create a record associating one or more capabilities with a user.

deletecapabilityset(id_)

Delete a capability set

deletepolicy(id_)

Delete a policy

deleterole(id_)

Delete a role

deleterolecapabilities(id_)

Removes all capabilities assignments for the specified role identifier

deleterolecapabilitysets(id_)

Removes all capability sets assignments for the specified role identifier

deleteusercapabilities(id_)

Removes all capability assignments for the specified user identifier

deleteusercapabilitysets(id_)

Removes all capability set assignments for the specified user identifier

deleteuserroles(id_)

Delete a roles user by user ID

findcapabilities(**kwargs)

Get capabilities by query

findcapabilitiesbycapabilitysetid(id_, **kwargs)

Find capabilities by capability set ID

findcapabilitiesbyroleid(id_, **kwargs)

Get capabilities assigned to role by role identifier

findcapabilitiesbyuserid(id_, **kwargs)

Retrieve capabilities assigned to role by role identifier

findcapabilitysets(**kwargs)

Get capabilities by query

findpolicies(**kwargs)

Get policies by query

findroles(**kwargs)

Get roles by query

finduserroles(**kwargs)

Search user-role relations by CQL query

getcapabilitybyid(id_)

Get capability by ID

getcapabilitysetbyid(id_)

Get capability set by ID

getcapabilitysetsbyroleid(id_, **kwargs)

Get capability sets assigned to role by role identifier

getcapabilitysetsbyuserid(id_, **kwargs)

Retrieve capability sets assigned to role by role identifier

getpermissionsuser(id_, **kwargs)

Get permissions by user ID

getpolicy(id_)

Get policy by ID

getrole(id_)

Get role by ID

getrolecapabilities(**kwargs)

Get role-capability relation items by CQL query and pagination parameters

getrolecapabilitysets(**kwargs)

Get role-capability-set relation items by CQL query

getusercapabilities(**kwargs)

Search user capabilities by CQL query

getusercapabilitysets(**kwargs)

Get user capabilities by CQL query and pagination parameters

getuserroles(id_)

Get roles user by user ID

migratepolicies()

Migrate user policies from mod-permission to keycloak

updatecapabilityset(capabilitySet, id_)

Update a capability set

updatepolicy(policy, id_)

Update a policy

updaterole(role, id_)

Update a role

updaterolecapabilities(...)

Modifies the set of capabilities assigned to the specified role.

updaterolecapabilitysets(...)

Modifies the set of capability sets assigned to the specified role.

updateusercapabilities(...)

Modifies the set of capabilities assigned to the specified user.

updateusercapabilitysets(...)

Modifies the set of capability sets assigned to the specified user.

updateuserroles(userRolesRequest, id_)

Update a roles user by user ID

assignrolestouser(userRolesRequest)

Create a record associating role with user

POST /roles/users

Parameters

userRolesRequest (dict) – See Schema below.

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "id": "userRolesRequest.json",
    "title": "User-roles relation Batch Request Schema",
    "description": "User-roles request body",
    "type": "object",
    "properties": {
        "userId": {
            "type": "string",
            "format": "uuid",
            "description": "User identifier (UUID)"
        },
        "roleIds": {
            "type": "array",
            "description": "Role identifiers",
            "items": {
                "type": "string",
                "format": "uuid",
                "description": "Role identifier (UUID)"
            }
        }
    }
}

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "id": "userRoles.json",
    "title": "List of User-Role Relation Items Schema",
    "description": "List of user-role relation items",
    "type": "object",
    "properties": {
        "userRoles": {
            "description": "List of user-role relation items",
            "type": "array",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "id": "userRole.json",
                "title": "User-Role Relation Model Schema",
                "description": "User-role relation model",
                "type": "object",
                "properties": {
                    "userId": {
                        "type": "string",
                        "format": "uuid",
                        "description": "ID of the user"
                    },
                    "roleId": {
                        "type": "string",
                        "format": "uuid",
                        "description": "Role identifier"
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                },
                "required": [
                    "userId",
                    "roleId"
                ]
            },
            "nullable": false
        },
        "totalRecords": {
            "description": "The total number of user-role relation items matching the provided criteria",
            "type": "integer"
        }
    }
}

createcapabilityset(capabilitySet)

Create a capability set

POST /capability-sets

Parameters

capabilitySet (dict) – See Schema below.

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "type": "object",
    "title": "Capability Set Object Schema",
    "description": "Object containing the details of the capability set",
    "properties": {
        "id": {
            "description": "A unique identifier for this capability",
            "type": "string",
            "format": "uuid"
        },
        "name": {
            "description": "a human-readable name/label for this capability.  Takes the form of {resourceName}.{scope}, e.g. item.create",
            "type": "string",
            "readOnly": true
        },
        "description": {
            "description": "Free form description of the capability",
            "type": "string"
        },
        "resource": {
            "description": "The resource this capability is associated with, e.g. item",
            "type": "string",
            "pattern": "^[A-Za-z\\s]+$"
        },
        "action": {
            "$schema": "http://json-schema.org/draft-04/schema#",
            "description": "The action this capability is associated with, e.g. create",
            "type": "string",
            "enum": [
                "view",
                "create",
                "edit",
                "delete",
                "manage",
                "execute"
            ]
        },
        "applicationId": {
            "description": "The id of the application which defines the capability",
            "type": "string"
        },
        "type": {
            "$schema": "http://json-schema.org/draft-04/schema#",
            "description": "The type of capability",
            "type": "string",
            "enum": [
                "settings",
                "data",
                "procedural"
            ]
        },
        "capabilities": {
            "description": "List with assigned capability ids",
            "type": "array",
            "minItems": 1,
            "items": {
                "type": "string",
                "description": "Capability identifier",
                "format": "uuid"
            }
        },
        "metadata": {
            "$schema": "http://json-schema.org/draft-04/schema#",
            "title": "Metadata Schema",
            "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
            "type": "object",
            "properties": {
                "createdDate": {
                    "description": "Date and time when the record was created",
                    "type": "string",
                    "format": "date-time"
                },
                "createdBy": {
                    "description": "ID of the user who created the record (when available)",
                    "type": "string",
                    "format": "uuid"
                },
                "modifiedDate": {
                    "description": "Date and time when the record was last updated",
                    "type": "string",
                    "format": "date-time"
                },
                "modifiedBy": {
                    "description": "ID of the user who last updated the record (when available)",
                    "type": "string",
                    "format": "uuid"
                }
            },
            "additionalProperties": false
        }
    },
    "required": [
        "resource",
        "action",
        "permissions",
        "type",
        "applicationId"
    ]
}

createcapabilitysets(capabilitySets)

Create one or more capability sets

POST /capability-sets/batch

Parameters

capabilitySets (dict) – See Schema below.

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "Capability Sets Object Schema",
    "description": "Response body containing capability set records",
    "type": "object",
    "properties": {
        "capabilitySets": {
            "description": "A collection of capability sets",
            "type": "array",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "type": "object",
                "title": "Capability Set Object Schema",
                "description": "Object containing the details of the capability set",
                "properties": {
                    "id": {
                        "description": "A unique identifier for this capability",
                        "type": "string",
                        "format": "uuid"
                    },
                    "name": {
                        "description": "a human-readable name/label for this capability.  Takes the form of {resourceName}.{scope}, e.g. item.create",
                        "type": "string",
                        "readOnly": true
                    },
                    "description": {
                        "description": "Free form description of the capability",
                        "type": "string"
                    },
                    "resource": {
                        "description": "The resource this capability is associated with, e.g. item",
                        "type": "string",
                        "pattern": "^[A-Za-z\\s]+$"
                    },
                    "action": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "description": "The action this capability is associated with, e.g. create",
                        "type": "string",
                        "enum": [
                            "view",
                            "create",
                            "edit",
                            "delete",
                            "manage",
                            "execute"
                        ]
                    },
                    "applicationId": {
                        "description": "The id of the application which defines the capability",
                        "type": "string"
                    },
                    "type": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "description": "The type of capability",
                        "type": "string",
                        "enum": [
                            "settings",
                            "data",
                            "procedural"
                        ]
                    },
                    "capabilities": {
                        "description": "List with assigned capability ids",
                        "type": "array",
                        "minItems": 1,
                        "items": {
                            "type": "string",
                            "description": "Capability identifier",
                            "format": "uuid"
                        }
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                },
                "required": [
                    "resource",
                    "action",
                    "permissions",
                    "type",
                    "applicationId"
                ]
            },
            "minItems": 1
        },
        "totalRecords": {
            "readOnly": true,
            "description": "The total number of records matching the provided criteria",
            "type": "integer",
            "format": "int64"
        }
    },
    "required": [
        "capabilities"
    ]
}
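
As printed above, the capability-set schemas list names under "required" that the same object does not declare under "properties": "permissions" on each capability set and "capabilities" at the top level of the batch body. The following is an added example, not foliolib or mod-roles-keycloak code: it finds such names in a schema and shows which of them a payload built only from the declared properties would lack under the draft-04 "required" rule. The abridged schema copy, the function names and the applicationId value are constructed for the illustration.

```python
def undeclared_required(schema, path="$"):
    """Return (path, name) pairs for names in `required` missing from `properties`."""
    if not isinstance(schema, dict):
        return []
    props = schema.get("properties", {})
    found = [(path, name) for name in schema.get("required", []) if name not in props]
    for name, sub in props.items():
        found += undeclared_required(sub, f"{path}.{name}")
    if isinstance(schema.get("items"), dict):
        found += undeclared_required(schema["items"], f"{path}[]")
    return found


def missing_required(schema, value, path="$"):
    """Return paths of `required` names absent from `value` (draft-04 `required` rule)."""
    missing = []
    if isinstance(value, dict):
        missing += [f"{path}.{n}" for n in schema.get("required", []) if n not in value]
        for name, sub in schema.get("properties", {}).items():
            if name in value:
                missing += missing_required(sub, value[name], f"{path}.{name}")
    elif isinstance(value, list) and isinstance(schema.get("items"), dict):
        for i, item in enumerate(value):
            missing += missing_required(schema["items"], item, f"{path}[{i}]")
    return missing


# Abridged copy of the capabilitySets schema above: property bodies are emptied,
# the property names and the two `required` lists are kept as printed.
ITEM_PROPERTIES = ("id", "name", "description", "resource", "action",
                   "applicationId", "type", "capabilities", "metadata")
CAPABILITY_SETS_SCHEMA = {
    "type": "object",
    "properties": {
        "capabilitySets": {
            "type": "array",
            "minItems": 1,
            "items": {
                "type": "object",
                "properties": {name: {} for name in ITEM_PROPERTIES},
                "required": ["resource", "action", "permissions", "type", "applicationId"],
            },
        },
        "totalRecords": {"type": "integer"},
    },
    "required": ["capabilities"],
}

# Constructed payload that uses only declared properties; applicationId is a placeholder.
SAMPLE_PAYLOAD = {"capabilitySets": [{
    "resource": "item", "action": "create", "type": "data",
    "applicationId": "app-placeholder-1.0.0",
    "capabilities": ["3f3f3f3f-3f3f-3333-3f3f-3f3f3f3f3f3f"],
}]}

if __name__ == "__main__":
    print(undeclared_required(CAPABILITY_SETS_SCHEMA))
    print(missing_required(CAPABILITY_SETS_SCHEMA, SAMPLE_PAYLOAD))
```

Running the same walk over a schema before generating client-side validation from it shows where the "required" lists and the declared properties disagree.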

createpolicies(policiesRequest)

Create one or more policies

POST /policies/batch

Parameters

policiesRequest (dict) – See Schema below.

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "type": "object",
    "description": "A list of policies with additional meta information.",
    "properties": {
        "policies": {
            "description": "A list of policies.",
            "type": "array",
            "items": {
                "type": "object",
                "description": "Object containing the details of the policy.",
                "properties": {
                    "id": {
                        "description": "A unique identifier for this policy. System-generated if not provided.",
                        "type": "string",
                        "format": "uuid"
                    },
                    "name": {
                        "description": "A human-readable name/label for this policy. Required.",
                        "type": "string"
                    },
                    "description": {
                        "description": "Free form description of the policy. Optional.",
                        "type": "string"
                    },
                    "type": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "description": "The type of policy. Required.",
                        "type": "string",
                        "enum": [
                            "USER",
                            "TIME",
                            "ROLE"
                        ]
                    },
                    "userPolicy": {
                        "type": "object",
                        "description": "Object containing the details of the user-based policy",
                        "properties": {
                            "users": {
                                "description": "Collection of user IDs. Required.",
                                "type": "array",
                                "items": {
                                    "type": "string",
                                    "format": "uuid"
                                }
                            },
                            "logic": {
                                "description": "The logic to apply for this policy.",
                                "type": "string",
                                "enum": [
                                    "positive",
                                    "negative"
                                ],
                                "default": "positive",
                                "examples": [
                                    "positive",
                                    "negative"
                                ]
                            }
                        },
                        "required": [
                            "users"
                        ],
                        "example": {
                            "id": "3f3f3f3f-3f3f-3333-3f3f-3f3f3f3f3f3f",
                            "name": "user_based_policy",
                            "description": "This policy is meant to be an example",
                            "users": [
                                "f7f7f7f7-7777-f7f7-f7f7-f7f7f7f7f7f7",
                                "7f7f7f7f-7f7f-7777-7f7f-7f7f7f7f7f7f"
                            ],
                            "logic": "positive"
                        }
                    },
                    "timePolicy": {
                        "type": "object",
                        "description": "Object containing the details of the time-based policy.",
                        "required": [],
                        "properties": {
                            "repeat": {
                                "description": "Whether or not to repeat the policy.",
                                "type": "boolean",
                                "default": false
                            },
                            "start": {
                                "description": "Defines the time before which access must not be granted. Permission is granted only if the current date/time is later than or equal to this value. Ignored if repeat is true.",
                                "type": "string",
                                "format": "date-time"
                            },
                            "expires": {
                                "description": "Defines the time after which access must not be granted. Permission is granted only if the current date/time is earlier than or equal to this value. Must be greater than the start time. Ignored if repeat is true.",
                                "type": "string",
                                "format": "date-time"
                            },
                            "dayOfMonthStart": {
                                "description": "Defines the day of the month that access must be granted. You can also specify a range of dates. In this case, permission is granted only if the current day of the month is between or equal to the two values specified. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 1,
                                "maximum": 31
                            },
                            "dayOfMonthEnd": {
                                "description": "Defines the end of the day of the month range. Must be greater than dayOfMonthStart. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 1,
                                "maximum": 31
                            },
                            "monthStart": {
                                "description": "Defines the month that access must be granted. You can also specify a range of months. In this case, permission is granted only if the current month is between or equal to the two values specified. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 1,
                                "maximum": 12
                            },
                            "monthEnd": {
                                "description": "Defines the end of the month range. Must be greater than monthStart. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 1,
                                "maximum": 12
                            },
                            "hourStart": {
                                "description": "Defines the hour that access must be granted. You can also specify a range of hours. In this case, permission is granted only if the current hour is between or equal to the two values specified. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 0,
                                "maximum": 23
                            },
                            "hourEnd": {
                                "description": "Defines the end of the hour range. Must be greater than hourStart. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 0,
                                "maximum": 23
                            },
                            "minuteStart": {
                                "description": "Defines the minute that access must be granted. You can also specify a range of minutes. In this case, permission is granted only if the current minute is between or equal to the two values specified. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 0,
                                "maximum": 59
                            },
                            "minuteEnd": {
                                "description": "Defines the end of the minutes range. Must be greater than minuteStart. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 0,
                                "maximum": 59,
                                "min": "${minuteStart}"
                            },
                            "logic": {
                                "description": "Policies can be configured with positive or negative logic. Briefly, you can use this option to define whether the policy result should be kept as it is or be negated.",
                                "type": "string",
                                "enum": [
                                    "positive",
                                    "negative"
                                ],
                                "default": "positive"
                            }
                        }
                    },
                    "rolePolicy": {
                        "type": "object",
                        "description": "Object containing the details of the aggregated policy.",
                        "properties": {
                            "roles": {
                                "description": "Specifies which roles are permitted by this policy. Required",
                                "type": "array",
                                "items": {
                                    "type": "object",
                                    "description": "Object containing the details of the aggregated policy.",
                                    "required": [
                                        "id"
                                    ],
                                    "properties": {
                                        "id": {
                                            "description": "Specifies a role permitted by this policy. Required.",
                                            "type": "string",
                                            "format": "uuid"
                                        },
                                        "required": {
                                            "description": "When creating a role-based policy, you can specify a specific role as Required. When you do that, the policy will grant access only if the user requesting access has been granted all the required roles.",
                                            "type": "boolean",
                                            "default": false
                                        }
                                    }
                                }
                            },
                            "logic": {
                                "description": "The logic to apply for this policy.",
                                "type": "string",
                                "enum": [
                                    "positive",
                                    "negative"
                                ],
                                "default": "positive"
                            }
                        },
                        "required": [
                            "roles"
                        ]
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                },
                "required": [
                    "name",
                    "type"
                ]
            },
            "minItems": 1,
            "maxItems": 255
        }
    },
    "required": [
        "policies"
    ]
}
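
Several timePolicy rules in the request schema above exist only in the description text: "expires" must be greater than "start", each range end must be greater than its start, and fields are ignored depending on "repeat". The following added example (not foliolib or mod-roles-keycloak code) checks a createpolicies() request body for those rules and for the batch envelope before it is sent, reporting fields that would be silently ignored so that an intended access window is not lost. The function names and the sample request are constructed for the illustration; rolePolicy is not covered.

```python
import re
from datetime import datetime

UUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
POLICY_TYPES = ("USER", "TIME", "ROLE")
# (start key, end key, minimum, maximum) as given in the timePolicy schema
RANGES = [("dayOfMonthStart", "dayOfMonthEnd", 1, 31), ("monthStart", "monthEnd", 1, 12),
          ("hourStart", "hourEnd", 0, 23), ("minuteStart", "minuteEnd", 0, 59)]


def is_uuid(value):
    return isinstance(value, str) and UUID_RE.fullmatch(value) is not None


def parse_dt(value):
    """Parse an ISO 8601 date-time string; return None when it is not one."""
    if not isinstance(value, str):
        return None
    try:
        return datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None


def check_time_policy(tp, where):
    """Check the rules the schema states only in prose: ordering and ignored fields."""
    if not isinstance(tp, dict):
        return [f"{where}: must be an object"]
    errors = []
    repeat = tp.get("repeat", False)  # schema default is false
    parsed = {}
    for key in ("start", "expires"):
        if key not in tp:
            continue
        parsed[key] = parse_dt(tp[key])
        if parsed[key] is None:
            errors.append(f"{where}.{key}: not a date-time")
        elif repeat:
            errors.append(f"{where}.{key}: ignored because repeat is true")
    start, expires = parsed.get("start"), parsed.get("expires")
    if start is not None and expires is not None:
        try:
            if expires <= start:
                errors.append(f"{where}.expires: must be greater than start")
        except TypeError:  # one value carries a UTC offset and the other does not
            errors.append(f"{where}: start and expires are not comparable")
    for lo_key, hi_key, lo, hi in RANGES:
        values = {}
        for key in (lo_key, hi_key):
            if key not in tp:
                continue
            v = tp[key]
            if isinstance(v, bool) or not isinstance(v, int) or not lo <= v <= hi:
                errors.append(f"{where}.{key}: must be an integer in {lo}..{hi}")
                continue
            values[key] = v
            if not repeat:
                errors.append(f"{where}.{key}: ignored because repeat is false")
        if len(values) == 2 and values[hi_key] <= values[lo_key]:
            errors.append(f"{where}.{hi_key}: must be greater than {lo_key}")
    return errors


def check_policies_request(request):
    """Return a list of problems found in a createpolicies() request body."""
    policies = request.get("policies")
    if not isinstance(policies, list) or not 1 <= len(policies) <= 255:
        return ["policies: must be a list of 1 to 255 items"]
    errors = []
    for i, p in enumerate(policies):
        where = f"policies[{i}]"
        if not isinstance(p, dict):
            errors.append(f"{where}: must be an object")
            continue
        if not isinstance(p.get("name"), str):
            errors.append(f"{where}.name: required string")
        if p.get("type") not in POLICY_TYPES:
            errors.append(f"{where}.type: must be one of USER, TIME, ROLE")
        if "metadata" in p:
            errors.append(f"{where}.metadata: provided by the server, client should not send it")
        if "userPolicy" in p:
            up = p["userPolicy"]
            users = up.get("users") if isinstance(up, dict) else None
            if not isinstance(users, list) or not all(is_uuid(u) for u in users):
                errors.append(f"{where}.userPolicy.users: required list of UUIDs")
        if "timePolicy" in p:
            errors += check_time_policy(p["timePolicy"], f"{where}.timePolicy")
    return errors


# Constructed sample request; the user UUID is the one in the schema's "example".
SAMPLE_REQUEST = {"policies": [
    {"name": "business_hours", "type": "TIME", "timePolicy": {
        "repeat": True, "hourStart": 9, "hourEnd": 17, "expires": "2025-01-01T00:00:00Z"}},
    {"name": "user_based_policy", "type": "USER", "userPolicy": {
        "users": ["f7f7f7f7-7777-f7f7-f7f7-f7f7f7f7f7f7"]}},
    {"name": "night_shift", "type": "TIME", "timePolicy": {
        "repeat": True, "hourStart": 22, "hourEnd": 6}},
]}
```

In the sample, the first policy's "expires" is reported because "repeat" is true, and the third is reported because an hour range that wraps past midnight has "hourEnd" below "hourStart".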

{
    "type": "object",
    "description": "A list of policies with additional meta information.",
    "properties": {
        "policies": {
            "description": "A list of policies.",
            "type": "array",
            "items": {
                "type": "object",
                "description": "Object containing the details of the policy.",
                "properties": {
                    "id": {
                        "description": "A unique identifier for this policy. System-generated if not provided.",
                        "type": "string",
                        "format": "uuid"
                    },
                    "name": {
                        "description": "A human-readable name/label for this policy. Required.",
                        "type": "string"
                    },
                    "description": {
                        "description": "Free form description of the policy. Optional.",
                        "type": "string"
                    },
                    "type": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "description": "The type of policy. Required.",
                        "type": "string",
                        "enum": [
                            "USER",
                            "TIME",
                            "ROLE"
                        ]
                    },
                    "userPolicy": {
                        "type": "object",
                        "description": "Object containing the details of the user-based policy",
                        "properties": {
                            "users": {
                                "description": "Collection of user IDs. Required.",
                                "type": "array",
                                "items": {
                                    "type": "string",
                                    "format": "uuid"
                                }
                            },
                            "logic": {
                                "description": "The logic to apply for this policy.",
                                "type": "string",
                                "enum": [
                                    "positive",
                                    "negative"
                                ],
                                "default": "positive",
                                "examples": [
                                    "positive",
                                    "negative"
                                ]
                            }
                        },
                        "required": [
                            "users"
                        ],
                        "example": {
                            "id": "3f3f3f3f-3f3f-3333-3f3f-3f3f3f3f3f3f",
                            "name": "user_based_policy",
                            "description": "This policy is meant to be an example",
                            "users": [
                                "f7f7f7f7-7777-f7f7-f7f7-f7f7f7f7f7f7",
                                "7f7f7f7f-7f7f-7777-7f7f-7f7f7f7f7f7f"
                            ],
                            "logic": "positive"
                        }
                    },
                    "timePolicy": {
                        "type": "object",
                        "description": "Object containing the details of the time-based policy.",
                        "required": [],
                        "properties": {
                            "repeat": {
                                "description": "Whether or not to repeat the policy.",
                                "type": "boolean",
                                "default": false
                            },
                            "start": {
                                "description": "Defines the time before which access must not be granted. Permission is granted only if the current date/time is later than or equal to this value. Ignored if repeat is true.",
                                "type": "string",
                                "format": "date-time"
                            },
                            "expires": {
                                "description": "Defines the time after which access must not be granted. Permission is granted only if the current date/time is earlier than or equal to this value. Must be greater than the start time. Ignored if repeat is true.",
                                "type": "string",
                                "format": "date-time"
                            },
                            "dayOfMonthStart": {
                                "description": "Defines the day of the month that access must be granted. You can also specify a range of dates. In this case, permission is granted only if the current day of the month is between or equal to the two values specified. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 1,
                                "maximum": 31
                            },
                            "dayOfMonthEnd": {
                                "description": "Defines the end of the day of the month range. Must be greater than dayOfMonthStart. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 1,
                                "maximum": 31
                            },
                            "monthStart": {
                                "description": "Defines the month that access must be granted. You can also specify a range of months. In this case, permission is granted only if the current month is between or equal to the two values specified. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 1,
                                "maximum": 12
                            },
                            "monthEnd": {
                                "description": "Defines the end of the month range. Must be greater than monthStart. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 1,
                                "maximum": 12
                            },
                            "hourStart": {
                                "description": "Defines the hour that access must be granted. You can also specify a range of hours. In this case, permission is granted only if the current hour is between or equal to the two values specified. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 0,
                                "maximum": 23
                            },
                            "hourEnd": {
                                "description": "Defines the end of the hour range. Must be greater than hourStart. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 0,
                                "maximum": 23
                            },
                            "minuteStart": {
                                "description": "Defines the minute that access must be granted. You can also specify a range of minutes. In this case, permission is granted only if the current minute is between or equal to the two values specified. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 0,
                                "maximum": 59
                            },
                            "minuteEnd": {
                                "description": "Defines the end of the minutes range. Must be greater than minuteStart. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 0,
                                "maximum": 59,
                                "min": "${minuteStart}"
                            },
                            "logic": {
                                "description": "Policies can be configured with positive or negative logic. Briefly, you can use this option to define whether the policy result should be kept as it is or be negated.",
                                "type": "string",
                                "enum": [
                                    "positive",
                                    "negative"
                                ],
                                "default": "positive"
                            }
                        }
                    },
                    "rolePolicy": {
                        "type": "object",
                        "description": "Object containing the details of the aggregated policy.",
                        "properties": {
                            "roles": {
                                "description": "Specifies which roles are permitted by this policy. Required",
                                "type": "array",
                                "items": {
                                    "type": "object",
                                    "description": "Object containing the details of the aggregated policy.",
                                    "required": [
                                        "id"
                                    ],
                                    "properties": {
                                        "id": {
                                            "description": "Specifies a role permitted by this policy. Required.",
                                            "type": "string",
                                            "format": "uuid"
                                        },
                                        "required": {
                                            "description": "When creating a role-based policy, you can specify a specific role as Required. When you do that, the policy will grant access only if the user requesting access has been granted all the required roles.",
                                            "type": "boolean",
                                            "default": false
                                        }
                                    }
                                }
                            },
                            "logic": {
                                "description": "The logic to apply for this policy.",
                                "type": "string",
                                "enum": [
                                    "positive",
                                    "negative"
                                ],
                                "default": "positive"
                            }
                        },
                        "required": [
                            "roles"
                        ]
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                },
                "required": [
                    "name",
                    "type"
                ]
            }
        },
        "totalRecords": {
            "description": "The total number of roles matching the provided criteria",
            "type": "integer"
        }
    }
}
createpolicy(policy)

Create a policy

POST /policies

Parameters

policy (dict) – See Schema below.

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "type": "object",
    "description": "Object containing the details of the policy.",
    "properties": {
        "id": {
            "description": "A unique identifier for this policy. System-generated if not provided.",
            "type": "string",
            "format": "uuid"
        },
        "name": {
            "description": "A human-readable name/label for this policy. Required.",
            "type": "string"
        },
        "description": {
            "description": "Free form description of the policy. Optional.",
            "type": "string"
        },
        "type": {
            "$schema": "http://json-schema.org/draft-04/schema#",
            "description": "The type of policy. Required.",
            "type": "string",
            "enum": [
                "USER",
                "TIME",
                "ROLE"
            ]
        },
        "userPolicy": {
            "type": "object",
            "description": "Object containing the details of the user-based policy",
            "properties": {
                "users": {
                    "description": "Collection of user IDs. Required.",
                    "type": "array",
                    "items": {
                        "type": "string",
                        "format": "uuid"
                    }
                },
                "logic": {
                    "description": "The logic to apply for this policy.",
                    "type": "string",
                    "enum": [
                        "positive",
                        "negative"
                    ],
                    "default": "positive",
                    "examples": [
                        "positive",
                        "negative"
                    ]
                }
            },
            "required": [
                "users"
            ],
            "example": {
                "id": "3f3f3f3f-3f3f-3333-3f3f-3f3f3f3f3f3f",
                "name": "user_based_policy",
                "description": "This policy is meant to be an example",
                "users": [
                    "f7f7f7f7-7777-f7f7-f7f7-f7f7f7f7f7f7",
                    "7f7f7f7f-7f7f-7777-7f7f-7f7f7f7f7f7f"
                ],
                "logic": "positive"
            }
        },
        "timePolicy": {
            "type": "object",
            "description": "Object containing the details of the time-based policy.",
            "required": [],
            "properties": {
                "repeat": {
                    "description": "Whether or not to repeat the policy.",
                    "type": "boolean",
                    "default": false
                },
                "start": {
                    "description": "Defines the time before which access must not be granted. Permission is granted only if the current date/time is later than or equal to this value. Ignored if repeat is true.",
                    "type": "string",
                    "format": "date-time"
                },
                "expires": {
                    "description": "Defines the time after which access must not be granted. Permission is granted only if the current date/time is earlier than or equal to this value. Must be greater than the start time. Ignored if repeat is true.",
                    "type": "string",
                    "format": "date-time"
                },
                "dayOfMonthStart": {
                    "description": "Defines the day of the month that access must be granted. You can also specify a range of dates. In this case, permission is granted only if the current day of the month is between or equal to the two values specified. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 1,
                    "maximum": 31
                },
                "dayOfMonthEnd": {
                    "description": "Defines the end of the day of the month range. Must be greater than dayOfMonthStart. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 1,
                    "maximum": 31
                },
                "monthStart": {
                    "description": "Defines the month that access must be granted. You can also specify a range of months. In this case, permission is granted only if the current month is between or equal to the two values specified. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 1,
                    "maximum": 12
                },
                "monthEnd": {
                    "description": "Defines the end of the month range. Must be greater than monthStart. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 1,
                    "maximum": 12
                },
                "hourStart": {
                    "description": "Defines the hour that access must be granted. You can also specify a range of hours. In this case, permission is granted only if the current hour is between or equal to the two values specified. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 0,
                    "maximum": 23
                },
                "hourEnd": {
                    "description": "Defines the end of the hour range. Must be greater than hourStart. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 0,
                    "maximum": 23
                },
                "minuteStart": {
                    "description": "Defines the minute that access must be granted. You can also specify a range of minutes. In this case, permission is granted only if the current minute is between or equal to the two values specified. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 0,
                    "maximum": 59
                },
                "minuteEnd": {
                    "description": "Defines the end of the minutes range. Must be greater than minuteStart. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 0,
                    "maximum": 59,
                    "min": "${minuteStart}"
                },
                "logic": {
                    "description": "Policies can be configured with positive or negative logic. Briefly, you can use this option to define whether the policy result should be kept as it is or be negated.",
                    "type": "string",
                    "enum": [
                        "positive",
                        "negative"
                    ],
                    "default": "positive"
                }
            }
        },
        "rolePolicy": {
            "type": "object",
            "description": "Object containing the details of the aggregated policy.",
            "properties": {
                "roles": {
                    "description": "Specifies which roles are permitted by this policy. Required",
                    "type": "array",
                    "items": {
                        "type": "object",
                        "description": "Object containing the details of the aggregated policy.",
                        "required": [
                            "id"
                        ],
                        "properties": {
                            "id": {
                                "description": "Specifies a role permitted by this policy. Required.",
                                "type": "string",
                                "format": "uuid"
                            },
                            "required": {
                                "description": "When creating a role-based policy, you can specify a specific role as Required. When you do that, the policy will grant access only if the user requesting access has been granted all the required roles.",
                                "type": "boolean",
                                "default": false
                            }
                        }
                    }
                },
                "logic": {
                    "description": "The logic to apply for this policy.",
                    "type": "string",
                    "enum": [
                        "positive",
                        "negative"
                    ],
                    "default": "positive"
                }
            },
            "required": [
                "roles"
            ]
        },
        "metadata": {
            "$schema": "http://json-schema.org/draft-04/schema#",
            "title": "Metadata Schema",
            "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
            "type": "object",
            "properties": {
                "createdDate": {
                    "description": "Date and time when the record was created",
                    "type": "string",
                    "format": "date-time"
                },
                "createdBy": {
                    "description": "ID of the user who created the record (when available)",
                    "type": "string",
                    "format": "uuid"
                },
                "modifiedDate": {
                    "description": "Date and time when the record was last updated",
                    "type": "string",
                    "format": "date-time"
                },
                "modifiedBy": {
                    "description": "ID of the user who last updated the record (when available)",
                    "type": "string",
                    "format": "uuid"
                }
            },
            "additionalProperties": false
        }
    },
    "required": [
        "name",
        "type"
    ]
}
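A client-side pre-flight check for the `createpolicy` payload, added here as an example (it is not foliolib or mod-roles-keycloak code). It enforces the constraints that the schema above states only in description text: end values greater than start values, `expires` later than `start`, and fields that are ignored depending on `repeat`. The names `validate_policy`, `SAMPLE_USER_POLICY` and `SAMPLE_TIME_POLICY` are hypothetical; rejecting a detail object that is missing or does not match `type`, and reporting ignored fields as problems, are stricter choices of this example rather than schema requirements.

```python
import re
from datetime import datetime

UUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
DETAIL_KEY = {"USER": "userPolicy", "TIME": "timePolicy", "ROLE": "rolePolicy"}
# (start field, end field, minimum, maximum) as given in the timePolicy schema
RANGES = [("dayOfMonthStart", "dayOfMonthEnd", 1, 31), ("monthStart", "monthEnd", 1, 12),
          ("hourStart", "hourEnd", 0, 23), ("minuteStart", "minuteEnd", 0, 59)]


def _is_uuid(value):
    return isinstance(value, str) and UUID_RE.match(value) is not None


def _parse_dt(value):
    """Parse an ISO 8601 date-time string; return None if it does not parse."""
    try:
        return datetime.fromisoformat(value.replace("Z", "+00:00"))
    except (AttributeError, TypeError, ValueError):
        return None


def _check_time(tp, errors):
    """Append problems found in a timePolicy object to errors."""
    repeat = tp.get("repeat", False)  # schema default is false
    if not isinstance(repeat, bool):
        errors.append("timePolicy.repeat must be a boolean")
        return
    range_fields = [f for start, end, _, _ in RANGES for f in (start, end)]
    # A field the server ignores restricts nothing, so the policy is wider than it reads.
    for field in (["start", "expires"] if repeat else range_fields):
        if field in tp:
            errors.append(f"timePolicy.{field} is ignored when repeat is {str(repeat).lower()}")
    if repeat:
        for start, end, lo, hi in RANGES:
            for field in (start, end):
                v = tp.get(field)
                if v is not None and (type(v) is not int or not lo <= v <= hi):
                    errors.append(f"timePolicy.{field} must be an integer in [{lo}, {hi}]")
            s, e = tp.get(start), tp.get(end)
            if type(s) is int and type(e) is int and e <= s:
                errors.append(f"timePolicy.{end} must be greater than {start}")
        return
    parsed = {f: _parse_dt(tp[f]) for f in ("start", "expires") if f in tp}
    for field, dt in parsed.items():
        if dt is None:
            errors.append(f"timePolicy.{field} is not a valid date-time")
    s, e = parsed.get("start"), parsed.get("expires")
    if s and e:
        try:
            if e <= s:
                errors.append("timePolicy.expires must be greater than start")
        except TypeError:  # one value has a UTC offset and the other does not
            errors.append("timePolicy.start and expires must both carry a UTC offset")


def validate_policy(policy):
    """Return a list of problems in a policy dict; an empty list means it passed."""
    errors = []
    if not isinstance(policy.get("name"), str) or not policy["name"].strip():
        errors.append("name is required")
    ptype = policy.get("type")
    if not isinstance(ptype, str) or ptype not in DETAIL_KEY:
        return errors + ["type must be one of USER, TIME, ROLE"]
    if "metadata" in policy:
        errors.append("metadata is provided by the server and must not be sent")
    for key in sorted(DETAIL_KEY.values()):
        if key != DETAIL_KEY[ptype] and key in policy:
            errors.append(f"{key} does not match type {ptype}")
    detail = policy.get(DETAIL_KEY[ptype])
    if not isinstance(detail, dict):  # assumption of this example, not a schema rule
        return errors + [f"{DETAIL_KEY[ptype]} is missing for type {ptype}"]
    if detail.get("logic", "positive") not in ("positive", "negative"):
        errors.append("logic must be 'positive' or 'negative'")
    if ptype == "USER":
        users = detail.get("users")
        if not isinstance(users, list) or not all(_is_uuid(u) for u in users):
            errors.append("userPolicy.users is required and must be a list of UUIDs")
    elif ptype == "ROLE":
        roles = detail.get("roles")
        if not isinstance(roles, list) or not all(
                isinstance(r, dict) and _is_uuid(r.get("id"))
                and isinstance(r.get("required", False), bool) for r in roles):
            errors.append("rolePolicy.roles needs entries with a UUID id and boolean required")
    else:
        _check_time(detail, errors)
    return errors


# Constructed samples; the user ID is the one shown in the schema's own example.
SAMPLE_USER_POLICY = {"name": "user_based_policy", "type": "USER", "userPolicy": {
    "users": ["f7f7f7f7-7777-f7f7-f7f7-f7f7f7f7f7f7"], "logic": "positive"}}
SAMPLE_TIME_POLICY = {"name": "office_hours_only", "type": "TIME", "timePolicy": {
    "repeat": True, "expires": "2030-01-01T00:00:00Z",  # ignored because repeat is true
    "hourStart": 18, "hourEnd": 8}}                     # end is not greater than start
```

Call `validate_policy(policy)` before passing the dict to `createpolicy(policy)` and submit only when the returned list is empty.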
createrole(role)

Create a role

POST /roles

Parameters

role (dict) – See Schema below.

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "id": "role.json",
    "title": "Role schema",
    "description": "Role",
    "type": "object",
    "properties": {
        "id": {
            "description": "Role identifier",
            "type": "string",
            "format": "uuid"
        },
        "name": {
            "description": "A human-readable name/label for this role",
            "type": "string"
        },
        "description": {
            "description": "Free form description of the role",
            "type": "string"
        },
        "metadata": {
            "$schema": "http://json-schema.org/draft-04/schema#",
            "title": "Metadata Schema",
            "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
            "type": "object",
            "properties": {
                "createdDate": {
                    "description": "Date and time when the record was created",
                    "type": "string",
                    "format": "date-time"
                },
                "createdBy": {
                    "description": "ID of the user who created the record (when available)",
                    "type": "string",
                    "format": "uuid"
                },
                "modifiedDate": {
                    "description": "Date and time when the record was last updated",
                    "type": "string",
                    "format": "date-time"
                },
                "modifiedBy": {
                    "description": "ID of the user who last updated the record (when available)",
                    "type": "string",
                    "format": "uuid"
                }
            },
            "additionalProperties": false
        }
    },
    "required": [
        "name"
    ]
}
createrolecapabilities(roleCapabilitiesRequest)

Create a record associating one or more capabilities with the role

POST /roles/capabilities

Parameters

roleCapabilitiesRequest (dict) – See Schema below.

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "Role-Capability Request Schema",
    "description": "Request body to assign existing capabilities to a role",
    "type": "object",
    "properties": {
        "roleId": {
            "type": "string",
            "format": "uuid",
            "description": "ID of the role"
        },
        "capabilityIds": {
            "description": "List of capability identifiers",
            "type": "array",
            "items": {
                "type": "string",
                "description": "Capability identifier",
                "format": "uuid"
            },
            "minItems": 1
        }
    },
    "required": [
        "roleId",
        "capabilityIds"
    ]
}
{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "Role-Capabilities Objects Schema",
    "description": "Response body containing role-capabilities relations for search request",
    "type": "object",
    "properties": {
        "totalRecords": {
            "description": "The total number of role-capability objects matching the provided criteria",
            "type": "integer",
            "format": "int64"
        },
        "roleCapabilities": {
            "description": "List with found/created role-capability relations",
            "type": "array",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "title": "Role-Capability Relation Schema",
                "description": "Role-Capability Relation Schema",
                "type": "object",
                "properties": {
                    "roleId": {
                        "description": "Role identifier as UUID",
                        "type": "string",
                        "format": "uuid"
                    },
                    "capabilityId": {
                        "description": "Capability identifier as UUID",
                        "type": "string",
                        "format": "uuid"
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                }
            }
        }
    }
}
createrolecapabilitysets(roleCapabilitySetsRequest)

Create a record associating one or more capability sets with the role

POST /roles/capability-sets

Parameters

roleCapabilitySetsRequest (dict) – See Schema below.

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "Role-CapabilitySet Request Schema",
    "description": "Request body to assign existing capability sets to a role",
    "type": "object",
    "properties": {
        "roleId": {
            "type": "string",
            "format": "uuid",
            "description": "ID of the role"
        },
        "capabilitySetIds": {
            "description": "List of capability set identifiers",
            "type": "array",
            "items": {
                "type": "string",
                "description": "Capability set identifier",
                "format": "uuid"
            },
            "minItems": 1
        }
    },
    "required": [
        "roleId",
        "capabilitySetIds"
    ]
}
{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "Role-Capability Set Objects Schema",
    "description": "Response body containing role-capabilitySet relations for search request",
    "type": "object",
    "properties": {
        "totalRecords": {
            "description": "The total number of role-capability objects matching the provided criteria",
            "type": "integer",
            "format": "int64"
        },
        "roleCapabilitySets": {
            "description": "List with found/created role-capabilitySet relations",
            "type": "array",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "title": "Role-Capability Set Relation Schema",
                "description": "Role-Capability Set Relation Schema",
                "type": "object",
                "properties": {
                    "roleId": {
                        "description": "Role identifier as UUID",
                        "type": "string",
                        "format": "uuid"
                    },
                    "capabilitySetId": {
                        "description": "Capability set identifier as UUID",
                        "type": "string",
                        "format": "uuid"
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                }
            }
        }
    }
}
createroles(rolesRequest)

Create one or more roles

POST /roles/batch

Parameters

rolesRequest (dict) – See Schema below.

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "id": "roles.json",
    "title": "Roles schema",
    "description": "Roles",
    "type": "object",
    "properties": {
        "roles": {
            "type": "array",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "id": "role.json",
                "title": "Role schema",
                "description": "Role",
                "type": "object",
                "properties": {
                    "id": {
                        "description": "Role identifier",
                        "type": "string",
                        "format": "uuid"
                    },
                    "name": {
                        "description": "A human-readable name/label for this role",
                        "type": "string"
                    },
                    "description": {
                        "description": "Free form description of the role",
                        "type": "string"
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                },
                "required": [
                    "name"
                ]
            },
            "minItems": 1,
            "maxItems": 255
        }
    },
    "required": [
        "roles"
    ]
}
{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "id": "roles.json",
    "title": "Roles schema",
    "description": "Roles",
    "type": "object",
    "properties": {
        "roles": {
            "description": "Role identifier",
            "type": "array",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "id": "role.json",
                "title": "Role schema",
                "description": "Role",
                "type": "object",
                "properties": {
                    "id": {
                        "description": "Role identifier",
                        "type": "string",
                        "format": "uuid"
                    },
                    "name": {
                        "description": "A human-readable name/label for this role",
                        "type": "string"
                    },
                    "description": {
                        "description": "Free form description of the role",
                        "type": "string"
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                },
                "required": [
                    "name"
                ]
            },
            "nullable": false
        },
        "totalRecords": {
            "description": "The total number of roles matching the provided criteria",
            "type": "integer"
        }
    },
    "required": [
        "roles"
    ]
}
createusercapabilities(userCapabilitiesRequest)

Create a record associating one or more capabilities with a user.

POST /users/capabilities

Parameters

userCapabilitiesRequest (dict) – See Schema below.

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "User-Capability Request Schema",
    "description": "Request body to assign existing capabilities to a user",
    "type": "object",
    "properties": {
        "userId": {
            "type": "string",
            "format": "uuid",
            "description": "User identifier"
        },
        "capabilityIds": {
            "description": "List of capability identifiers",
            "type": "array",
            "items": {
                "type": "string",
                "description": "Capability identifier",
                "format": "uuid"
            },
            "minItems": 1
        }
    },
    "required": [
        "userId",
        "capabilityIds"
    ]
}
{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "User Capabilities Schema",
    "description": "User capabilities collection",
    "type": "object",
    "properties": {
        "totalRecords": {
            "description": "The total number of records matching the provided criteria",
            "type": "integer",
            "format": "int64"
        },
        "userCapabilities": {
            "description": "List with found/created user-capability relations",
            "type": "array",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "title": "User Capability Schema",
                "description": "User Capability",
                "type": "object",
                "properties": {
                    "userId": {
                        "description": "User identifier as UUID",
                        "type": "string",
                        "format": "uuid"
                    },
                    "capabilityId": {
                        "description": "Capability identifier as UUID",
                        "type": "string",
                        "format": "uuid"
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                },
                "required": [
                    "userId",
                    "capabilityId"
                ]
            }
        }
    }
}
createusercapabilitysets(userCapabilitySetsRequest)

Create a record associating one or more capability sets with a user.

POST /users/capability-sets

Parameters

userCapabilitySetsRequest (dict) – See Schema below.

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "User-CapabilitySet Request Schema",
    "description": "Request body to assign existing capability sets to a user",
    "type": "object",
    "properties": {
        "userId": {
            "type": "string",
            "format": "uuid",
            "description": "User identifier"
        },
        "capabilitySetIds": {
            "description": "List of capability identifiers",
            "type": "array",
            "items": {
                "type": "string",
                "description": "Capability set identifier",
                "format": "uuid"
            },
            "minItems": 1
        }
    },
    "required": [
        "roleId",
        "capabilitySetIds"
    ]
}
{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "User Capability Set Schema",
    "description": "User capability set collection",
    "type": "object",
    "properties": {
        "totalRecords": {
            "readOnly": true,
            "description": "The total number of records matching the provided criteria",
            "type": "integer",
            "format": "int64"
        },
        "userCapabilitySets": {
            "description": "List with found/created user-capabilitySet relations",
            "type": "array",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "title": "User Capability Set Schema",
                "description": "User Capability Set",
                "type": "object",
                "properties": {
                    "userId": {
                        "description": "User identifier as UUID",
                        "type": "string",
                        "format": "uuid"
                    },
                    "capabilitySetId": {
                        "description": "Capability Set identifier as UUID",
                        "type": "string",
                        "format": "uuid"
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                },
                "required": [
                    "userId",
                    "capabilityId"
                ]
            }
        }
    }
}
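In the two createusercapabilitysets schemas above, `required` names a key that `properties` does not define: `roleId` in the request (only `userId` is defined) and `capabilityId` in the response item (only `capabilitySetId` is defined). The following added example, which is not part of foliolib or the FOLIO module, lints a schema for that mismatch and shows how a strict client-side check treats a request body; the schema dicts are trimmed copies of the ones above, and all function names and sample UUIDs are constructed for illustration.

```python
import uuid

# Trimmed copy of the "User-CapabilitySet Request Schema" shown above.
USER_CAPABILITY_SET_REQUEST = {
    "type": "object",
    "properties": {
        "userId": {"type": "string", "format": "uuid"},
        "capabilitySetIds": {
            "type": "array",
            "items": {"type": "string", "format": "uuid"},
            "minItems": 1,
        },
    },
    "required": ["roleId", "capabilitySetIds"],
}

# Trimmed copy of the item schema under "userCapabilitySets" in the response.
USER_CAPABILITY_SET_ITEM = {
    "type": "object",
    "properties": {
        "userId": {"type": "string", "format": "uuid"},
        "capabilitySetId": {"type": "string", "format": "uuid"},
    },
    "required": ["userId", "capabilityId"],
}


def undefined_required(schema, path="#"):
    """Return (path, name) for every `required` name absent from `properties`."""
    findings = []
    if not isinstance(schema, dict):
        return findings
    props = schema.get("properties", {})
    for name in schema.get("required", []):
        if name not in props:
            findings.append((path, name))
    # Recurse into nested object properties and array item schemas.
    for name, sub in props.items():
        findings.extend(undefined_required(sub, f"{path}/properties/{name}"))
    if isinstance(schema.get("items"), dict):
        findings.extend(undefined_required(schema["items"], f"{path}/items"))
    return findings


def is_uuid(value):
    """Accept only the canonical hyphenated form, not braces or urn: prefixes."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False


def validate(body, schema, path="$"):
    """Check the subset of draft-04 keywords these schemas use; return error strings."""
    errors = []
    kind = schema.get("type")
    if kind == "object":
        if not isinstance(body, dict):
            return [f"{path}: expected object"]
        props = schema.get("properties", {})
        for name in schema.get("required", []):
            if name not in body:
                errors.append(f"{path}: missing required '{name}'")
        for name, value in body.items():
            if name in props:
                errors.extend(validate(value, props[name], f"{path}.{name}"))
            elif schema.get("additionalProperties") is False:
                errors.append(f"{path}: unexpected property '{name}'")
    elif kind == "array":
        if not isinstance(body, list):
            return [f"{path}: expected array"]
        if len(body) < schema.get("minItems", 0):
            errors.append(f"{path}: fewer than {schema['minItems']} items")
        for i, item in enumerate(body):
            errors.extend(validate(item, schema.get("items", {}), f"{path}[{i}]"))
    elif kind == "string":
        if not isinstance(body, str):
            return [f"{path}: expected string"]
        if schema.get("format") == "uuid" and not is_uuid(body):
            errors.append(f"{path}: not a UUID")
    return errors


# Constructed request body that uses the keys the schema actually defines.
SAMPLE_BODY = {
    "userId": "11111111-1111-4111-8111-111111111111",
    "capabilitySetIds": ["22222222-2222-4222-8222-222222222222"],
}

if __name__ == "__main__":
    print(undefined_required(USER_CAPABILITY_SET_REQUEST))
    print(undefined_required(USER_CAPABILITY_SET_ITEM))
    print(validate(SAMPLE_BODY, USER_CAPABILITY_SET_REQUEST))
```

A validator that applies the published request schema literally rejects the sample body for lacking `roleId`, so client-side checks built from these schemas need the lint result reviewed before they are enforced.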
deletecapabilityset(id_)

Delete a capability set

DELETE /capability-sets/{id}

Raises
  • OkapiRequestNotFound – Not found error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

deletepolicy(id_)

Delete a policy

DELETE /policies/{id}

deleterole(id_)

Delete a role

DELETE /roles/{id}

deleterolecapabilities(id_)

Removes all capability assignments for the specified role identifier

DELETE /roles/{id}/capabilities

Raises
  • OkapiRequestNotFound – Not found error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

deleterolecapabilitysets(id_)

Removes all capability set assignments for the specified role identifier

DELETE /roles/{id}/capability-sets

Raises
  • OkapiRequestNotFound – Not found error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

deleteusercapabilities(id_)

Removes all capability assignments for the specified user identifier

DELETE /users/{id}/capabilities

Raises
  • OkapiRequestNotFound – Not found error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

deleteusercapabilitysets(id_)

Removes all capability set assignments for the specified user identifier

DELETE /users/{id}/capability-sets

Raises
  • OkapiRequestNotFound – Not found error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

deleteuserroles(id_)

Delete a user's role assignments by user ID

DELETE /roles/users/{id}

findcapabilities(**kwargs)

Get capabilities by query

GET /capabilities

Keyword Arguments
  • query (str) – A query string to filter capabilities based on matching criteria in fields.

  • limit (int) – Limit the number of elements returned in the response. (default: 10, minimum: 0)

  • offset (int) – Skip over a number of elements by specifying an offset value for the query. (default: 0, minimum: 0)

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "Capabilities Object Schema",
    "description": "Response body containing capability records",
    "type": "object",
    "properties": {
        "capabilities": {
            "description": "A collection of capability sets",
            "type": "array",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "type": "object",
                "title": "Capability Set Object Schema",
                "description": "Object containing the details of the capability set",
                "properties": {
                    "id": {
                        "description": "A unique identifier for this capability",
                        "type": "string",
                        "format": "uuid"
                    },
                    "name": {
                        "description": "a human-readable name/label for this capability.  Takes the form of {resourceName}.{scope}, e.g. item.create",
                        "type": "string",
                        "readOnly": true
                    },
                    "description": {
                        "description": "Free form description of the capability",
                        "type": "string"
                    },
                    "resource": {
                        "description": "The resource this capability is associated with, e.g. item",
                        "type": "string",
                        "pattern": "^[A-Za-z\\s]+$"
                    },
                    "action": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "description": "The action this capability is associated with, e.g. create",
                        "type": "string",
                        "enum": [
                            "view",
                            "create",
                            "edit",
                            "delete",
                            "manage",
                            "execute"
                        ]
                    },
                    "applicationId": {
                        "description": "The id of the application which defines the capability",
                        "type": "string"
                    },
                    "permission": {
                        "description": "Folio permission name",
                        "type": "string"
                    },
                    "endpoints": {
                        "type": "array",
                        "description": "List of assigned endpoints",
                        "items": {
                            "$schema": "http://json-schema.org/draft-04/schema#",
                            "type": "object",
                            "id": "endpoint.json",
                            "description": "Object containing the details of the http-endpoint.",
                            "properties": {
                                "path": {
                                    "type": "string",
                                    "description": "Endpoint's static path / expression"
                                },
                                "method": {
                                    "$schema": "http://json-schema.org/draft-04/schema#",
                                    "description": "Http Method",
                                    "type": "string",
                                    "enum": [
                                        "GET",
                                        "HEAD",
                                        "POST",
                                        "PUT",
                                        "PATCH",
                                        "DELETE",
                                        "OPTIONS",
                                        "TRACE"
                                    ]
                                }
                            }
                        }
                    },
                    "type": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "description": "The type of capability",
                        "type": "string",
                        "enum": [
                            "settings",
                            "data",
                            "procedural"
                        ]
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                },
                "required": [
                    "resource",
                    "action",
                    "permissions",
                    "type",
                    "applicationId"
                ]
            },
            "minItems": 1
        },
        "totalRecords": {
            "readOnly": true,
            "description": "The total number of records matching the provided criteria",
            "type": "integer",
            "format": "int64"
        }
    },
    "required": [
        "capabilities"
    ]
}
findcapabilitiesbycapabilitysetid(id_, **kwargs)

Find capabilities by capability set ID

GET /capability-sets/{id}/capabilities

Keyword Arguments
  • limit (int) – Limit the number of elements returned in the response. (default: 10, minimum: 0)

  • offset (int) – Skip over a number of elements by specifying an offset value for the query. (default: 0, minimum: 0)

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestNotFound – Not found error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "Capabilities Object Schema",
    "description": "Response body containing capability records",
    "type": "object",
    "properties": {
        "capabilities": {
            "description": "A collection of capability sets",
            "type": "array",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "type": "object",
                "title": "Capability Set Object Schema",
                "description": "Object containing the details of the capability set",
                "properties": {
                    "id": {
                        "description": "A unique identifier for this capability",
                        "type": "string",
                        "format": "uuid"
                    },
                    "name": {
                        "description": "a human-readable name/label for this capability.  Takes the form of {resourceName}.{scope}, e.g. item.create",
                        "type": "string",
                        "readOnly": true
                    },
                    "description": {
                        "description": "Free form description of the capability",
                        "type": "string"
                    },
                    "resource": {
                        "description": "The resource this capability is associated with, e.g. item",
                        "type": "string",
                        "pattern": "^[A-Za-z\\s]+$"
                    },
                    "action": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "description": "The action this capability is associated with, e.g. create",
                        "type": "string",
                        "enum": [
                            "view",
                            "create",
                            "edit",
                            "delete",
                            "manage",
                            "execute"
                        ]
                    },
                    "applicationId": {
                        "description": "The id of the application which defines the capability",
                        "type": "string"
                    },
                    "permission": {
                        "description": "Folio permission name",
                        "type": "string"
                    },
                    "endpoints": {
                        "type": "array",
                        "description": "List of assigned endpoints",
                        "items": {
                            "$schema": "http://json-schema.org/draft-04/schema#",
                            "type": "object",
                            "id": "endpoint.json",
                            "description": "Object containing the details of the http-endpoint.",
                            "properties": {
                                "path": {
                                    "type": "string",
                                    "description": "Endpoint's static path / expression"
                                },
                                "method": {
                                    "$schema": "http://json-schema.org/draft-04/schema#",
                                    "description": "Http Method",
                                    "type": "string",
                                    "enum": [
                                        "GET",
                                        "HEAD",
                                        "POST",
                                        "PUT",
                                        "PATCH",
                                        "DELETE",
                                        "OPTIONS",
                                        "TRACE"
                                    ]
                                }
                            }
                        }
                    },
                    "type": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "description": "The type of capability",
                        "type": "string",
                        "enum": [
                            "settings",
                            "data",
                            "procedural"
                        ]
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                },
                "required": [
                    "resource",
                    "action",
                    "permissions",
                    "type",
                    "applicationId"
                ]
            },
            "minItems": 1
        },
        "totalRecords": {
            "readOnly": true,
            "description": "The total number of records matching the provided criteria",
            "type": "integer",
            "format": "int64"
        }
    },
    "required": [
        "capabilities"
    ]
}
findcapabilitiesbyroleid(id_, **kwargs)

Get capabilities assigned to role by role identifier

GET /roles/{id}/capabilities

Keyword Arguments
  • expand (bool) – Defines if capability sets must be expanded (default: False)

  • limit (int) – Limit the number of elements returned in the response. (default: 10, minimum: 0)

  • offset (int) – Skip over a number of elements by specifying an offset value for the query. (default: 0, minimum: 0)

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "Capabilities Object Schema",
    "description": "Response body containing capability records",
    "type": "object",
    "properties": {
        "capabilities": {
            "description": "A collection of capability sets",
            "type": "array",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "type": "object",
                "title": "Capability Set Object Schema",
                "description": "Object containing the details of the capability set",
                "properties": {
                    "id": {
                        "description": "A unique identifier for this capability",
                        "type": "string",
                        "format": "uuid"
                    },
                    "name": {
                        "description": "a human-readable name/label for this capability.  Takes the form of {resourceName}.{scope}, e.g. item.create",
                        "type": "string",
                        "readOnly": true
                    },
                    "description": {
                        "description": "Free form description of the capability",
                        "type": "string"
                    },
                    "resource": {
                        "description": "The resource this capability is associated with, e.g. item",
                        "type": "string",
                        "pattern": "^[A-Za-z\\s]+$"
                    },
                    "action": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "description": "The action this capability is associated with, e.g. create",
                        "type": "string",
                        "enum": [
                            "view",
                            "create",
                            "edit",
                            "delete",
                            "manage",
                            "execute"
                        ]
                    },
                    "applicationId": {
                        "description": "The id of the application which defines the capability",
                        "type": "string"
                    },
                    "permission": {
                        "description": "Folio permission name",
                        "type": "string"
                    },
                    "endpoints": {
                        "type": "array",
                        "description": "List of assigned endpoints",
                        "items": {
                            "$schema": "http://json-schema.org/draft-04/schema#",
                            "type": "object",
                            "id": "endpoint.json",
                            "description": "Object containing the details of the http-endpoint.",
                            "properties": {
                                "path": {
                                    "type": "string",
                                    "description": "Endpoint's static path / expression"
                                },
                                "method": {
                                    "$schema": "http://json-schema.org/draft-04/schema#",
                                    "description": "Http Method",
                                    "type": "string",
                                    "enum": [
                                        "GET",
                                        "HEAD",
                                        "POST",
                                        "PUT",
                                        "PATCH",
                                        "DELETE",
                                        "OPTIONS",
                                        "TRACE"
                                    ]
                                }
                            }
                        }
                    },
                    "type": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "description": "The type of capability",
                        "type": "string",
                        "enum": [
                            "settings",
                            "data",
                            "procedural"
                        ]
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                },
                "required": [
                    "resource",
                    "action",
                    "permissions",
                    "type",
                    "applicationId"
                ]
            },
            "minItems": 1
        },
        "totalRecords": {
            "readOnly": true,
            "description": "The total number of records matching the provided criteria",
            "type": "integer",
            "format": "int64"
        }
    },
    "required": [
        "capabilities"
    ]
}
findcapabilitiesbyuserid(id_, **kwargs)

Retrieve capabilities assigned to user by user identifier

GET /users/{id}/capabilities

Keyword Arguments
  • expand (bool) – Defines if capability sets must be expanded (default: False)

  • limit (int) – Limit the number of elements returned in the response. (default: 10, minimum: 0)

  • offset (int) – Skip over a number of elements by specifying an offset value for the query. (default: 0, minimum: 0)

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "Capabilities Object Schema",
    "description": "Response body containing capability records",
    "type": "object",
    "properties": {
        "capabilities": {
            "description": "A collection of capability sets",
            "type": "array",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "type": "object",
                "title": "Capability Set Object Schema",
                "description": "Object containing the details of the capability set",
                "properties": {
                    "id": {
                        "description": "A unique identifier for this capability",
                        "type": "string",
                        "format": "uuid"
                    },
                    "name": {
                        "description": "a human-readable name/label for this capability.  Takes the form of {resourceName}.{scope}, e.g. item.create",
                        "type": "string",
                        "readOnly": true
                    },
                    "description": {
                        "description": "Free form description of the capability",
                        "type": "string"
                    },
                    "resource": {
                        "description": "The resource this capability is associated with, e.g. item",
                        "type": "string",
                        "pattern": "^[A-Za-z\\s]+$"
                    },
                    "action": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "description": "The action this capability is associated with, e.g. create",
                        "type": "string",
                        "enum": [
                            "view",
                            "create",
                            "edit",
                            "delete",
                            "manage",
                            "execute"
                        ]
                    },
                    "applicationId": {
                        "description": "The id of the application which defines the capability",
                        "type": "string"
                    },
                    "permission": {
                        "description": "Folio permission name",
                        "type": "string"
                    },
                    "endpoints": {
                        "type": "array",
                        "description": "List of assigned endpoints",
                        "items": {
                            "$schema": "http://json-schema.org/draft-04/schema#",
                            "type": "object",
                            "id": "endpoint.json",
                            "description": "Object containing the details of the http-endpoint.",
                            "properties": {
                                "path": {
                                    "type": "string",
                                    "description": "Endpoint's static path / expression"
                                },
                                "method": {
                                    "$schema": "http://json-schema.org/draft-04/schema#",
                                    "description": "Http Method",
                                    "type": "string",
                                    "enum": [
                                        "GET",
                                        "HEAD",
                                        "POST",
                                        "PUT",
                                        "PATCH",
                                        "DELETE",
                                        "OPTIONS",
                                        "TRACE"
                                    ]
                                }
                            }
                        }
                    },
                    "type": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "description": "The type of capability",
                        "type": "string",
                        "enum": [
                            "settings",
                            "data",
                            "procedural"
                        ]
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                },
                "required": [
                    "resource",
                    "action",
                    "permissions",
                    "type",
                    "applicationId"
                ]
            },
            "minItems": 1
        },
        "totalRecords": {
            "readOnly": true,
            "description": "The total number of records matching the provided criteria",
            "type": "integer",
            "format": "int64"
        }
    },
    "required": [
        "capabilities"
    ]
}
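Added example (not part of foliolib or its documentation): findcapabilitiesbyroleid and findcapabilitiesbyuserid return only 10 records by default, so a permissions review has to follow limit/offset until totalRecords is reached before it can judge what a role or user is granted. FakeRolesClient, the sample records, the placeholder role id and the choice of "elevated" actions are assumptions made for the illustration.

```python
"""Page through a capabilities listing, then flag grants worth a second look."""

# Assumption: the actions an auditor treats as elevated (values from the schema enum).
ELEVATED_ACTIONS = {"delete", "manage", "execute"}
# HTTP methods from the endpoint schema enum that change state.
MUTATING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def fetch_all_capabilities(fetch_page, page_size=50):
    """Collect every record from a paged find* call.

    fetch_page(limit=..., offset=...) must return the documented response
    dict: {"capabilities": [...], "totalRecords": n}.
    """
    if page_size < 1:
        raise ValueError("page_size must be at least 1")
    collected, offset = [], 0
    while True:
        page = fetch_page(limit=page_size, offset=offset)
        batch = page.get("capabilities") or []
        collected.extend(batch)
        offset += len(batch)
        total = page.get("totalRecords")
        # An empty page also ends the loop, in case totalRecords is absent or wrong.
        if not batch or (total is not None and offset >= total):
            return collected


def audit_capabilities(capabilities):
    """Return capability names that are elevated or broader than their action says."""
    findings = {"elevated": [], "view_with_write_endpoint": []}
    for cap in capabilities:
        action = cap.get("action")
        label = cap.get("name") or "{}.{}".format(cap.get("resource"), action)
        if action in ELEVATED_ACTIONS:
            findings["elevated"].append(label)
        methods = {ep.get("method") for ep in cap.get("endpoints") or []}
        # A "view" capability should not map to endpoints that modify data.
        if action == "view" and methods & MUTATING_METHODS:
            findings["view_with_write_endpoint"].append(label)
    for names in findings.values():
        names.sort()
    return findings


class FakeRolesClient:
    """Hypothetical offline stand-in that pages like findcapabilitiesbyroleid."""

    def __init__(self, records):
        self._records = records

    def findcapabilitiesbyroleid(self, id_, **kwargs):
        limit = kwargs.get("limit", 10)    # documented default
        offset = kwargs.get("offset", 0)   # documented default
        return {
            "capabilities": self._records[offset:offset + limit],
            "totalRecords": len(self._records),
        }


def build_sample_records():
    """Constructed sample data: 23 plain view grants plus two notable ones."""
    records = [
        {"name": "sample{}.view".format(i), "resource": "Sample", "action": "view",
         "type": "data", "applicationId": "app-sample-1.0.0",
         "endpoints": [{"path": "/sample{}".format(i), "method": "GET"}]}
        for i in range(23)
    ]
    records.append(
        {"name": "roles.manage", "resource": "Roles", "action": "manage",
         "type": "settings", "applicationId": "app-sample-1.0.0",
         "endpoints": [{"path": "/roles", "method": "POST"}]})
    records.append(
        {"name": "reports.view", "resource": "Reports", "action": "view",
         "type": "data", "applicationId": "app-sample-1.0.0",
         "endpoints": [{"path": "/reports/{id}", "method": "DELETE"}]})
    return records


def run_demo():
    """Compare a default single call with a full paged read, then audit."""
    client = FakeRolesClient(build_sample_records())
    role_id = "00000000-0000-0000-0000-000000000000"  # placeholder role id
    # Against a live tenant the client would instead be:
    #   from foliolib.folio.api.rolesKeycloak import Roleskeycloak
    #   client = Roleskeycloak("<tenant id>")
    default_call = client.findcapabilitiesbyroleid(role_id)["capabilities"]
    everything = fetch_all_capabilities(
        lambda **page: client.findcapabilitiesbyroleid(role_id, expand=True, **page),
        page_size=10,
    )
    return len(default_call), len(everything), audit_capabilities(everything)


if __name__ == "__main__":
    print(run_demo())
```

In the sample data both flagged capabilities sit past the tenth record, so a single call with the default limit would not have shown either of them.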
findcapabilitysets(**kwargs)

Get capability sets by query

GET /capability-sets

Keyword Arguments
  • query (str) – A query string to filter capability sets based on matching criteria in fields.

  • limit (int) – Limit the number of elements returned in the response. (default: 10, minimum: 0)

  • offset (int) – Skip over a number of elements by specifying an offset value for the query. (default: 0, minimum: 0)

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "Capability Sets Object Schema",
    "description": "Response body containing capability set records",
    "type": "object",
    "properties": {
        "capabilitySets": {
            "description": "A collection of capability sets",
            "type": "array",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "type": "object",
                "title": "Capability Set Object Schema",
                "description": "Object containing the details of the capability set",
                "properties": {
                    "id": {
                        "description": "A unique identifier for this capability",
                        "type": "string",
                        "format": "uuid"
                    },
                    "name": {
                        "description": "a human-readable name/label for this capability.  Takes the form of {resourceName}.{scope}, e.g. item.create",
                        "type": "string",
                        "readOnly": true
                    },
                    "description": {
                        "description": "Free form description of the capability",
                        "type": "string"
                    },
                    "resource": {
                        "description": "The resource this capability is associated with, e.g. item",
                        "type": "string",
                        "pattern": "^[A-Za-z\\s]+$"
                    },
                    "action": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "description": "The action this capability is associated with, e.g. create",
                        "type": "string",
                        "enum": [
                            "view",
                            "create",
                            "edit",
                            "delete",
                            "manage",
                            "execute"
                        ]
                    },
                    "applicationId": {
                        "description": "The id of the application which defines the capability",
                        "type": "string"
                    },
                    "type": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "description": "The type of capability",
                        "type": "string",
                        "enum": [
                            "settings",
                            "data",
                            "procedural"
                        ]
                    },
                    "capabilities": {
                        "description": "List with assigned capability ids",
                        "type": "array",
                        "minItems": 1,
                        "items": {
                            "type": "string",
                            "description": "Capability identifier",
                            "format": "uuid"
                        }
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                },
                "required": [
                    "resource",
                    "action",
                    "permissions",
                    "type",
                    "applicationId"
                ]
            },
            "minItems": 1
        },
        "totalRecords": {
            "readOnly": true,
            "description": "The total number of records matching the provided criteria",
            "type": "integer",
            "format": "int64"
        }
    },
    "required": [
        "capabilities"
    ]
}
findpolicies(**kwargs)

Get policies by query

GET /policies

Keyword Arguments
  • query (str) – A query string to filter policies based on matching criteria in fields.

  • limit (int) – Limit the number of elements returned in the response. (default: 10, minimum: 0)

  • offset (int) – Skip over a number of elements by specifying an offset value for the query. (default: 0, minimum: 0)

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "type": "object",
    "description": "A list of policies with additional meta information.",
    "properties": {
        "policies": {
            "description": "A list of policies.",
            "type": "array",
            "items": {
                "type": "object",
                "description": "Object containing the details of the policy.",
                "properties": {
                    "id": {
                        "description": "A unique identifier for this policy. System-generated if not provided.",
                        "type": "string",
                        "format": "uuid"
                    },
                    "name": {
                        "description": "A human-readable name/label for this policy. Required.",
                        "type": "string"
                    },
                    "description": {
                        "description": "Free form description of the policy. Optional.",
                        "type": "string"
                    },
                    "type": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "description": "The type of policy. Required.",
                        "type": "string",
                        "enum": [
                            "USER",
                            "TIME",
                            "ROLE"
                        ]
                    },
                    "userPolicy": {
                        "type": "object",
                        "description": "Object containing the details of the user-based policy",
                        "properties": {
                            "users": {
                                "description": "Collection of user IDs. Required.",
                                "type": "array",
                                "items": {
                                    "type": "string",
                                    "format": "uuid"
                                }
                            },
                            "logic": {
                                "description": "The logic to apply for this policy.",
                                "type": "string",
                                "enum": [
                                    "positive",
                                    "negative"
                                ],
                                "default": "positive",
                                "examples": [
                                    "positive",
                                    "negative"
                                ]
                            }
                        },
                        "required": [
                            "users"
                        ],
                        "example": {
                            "id": "3f3f3f3f-3f3f-3333-3f3f-3f3f3f3f3f3f",
                            "name": "user_based_policy",
                            "description": "This policy is meant to be an example",
                            "users": [
                                "f7f7f7f7-7777-f7f7-f7f7-f7f7f7f7f7f7",
                                "7f7f7f7f-7f7f-7777-7f7f-7f7f7f7f7f7f"
                            ],
                            "logic": "positive"
                        }
                    },
                    "timePolicy": {
                        "type": "object",
                        "description": "Object containing the details of the time-based policy.",
                        "required": [],
                        "properties": {
                            "repeat": {
                                "description": "Whether or not to repeat the policy.",
                                "type": "boolean",
                                "default": false
                            },
                            "start": {
                                "description": "Defines the time before which access must not be granted. Permission is granted only if the current date/time is later than or equal to this value. Ignored if repeat is true.",
                                "type": "string",
                                "format": "date-time"
                            },
                            "expires": {
                                "description": "Defines the time after which access must not be granted. Permission is granted only if the current date/time is earlier than or equal to this value. Must be greater than the start time. Ignored if repeat is true.",
                                "type": "string",
                                "format": "date-time"
                            },
                            "dayOfMonthStart": {
                                "description": "Defines the day of the month that access must be granted. You can also specify a range of dates. In this case, permission is granted only if the current day of the month is between or equal to the two values specified. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 1,
                                "maximum": 31
                            },
                            "dayOfMonthEnd": {
                                "description": "Defines the end of the day of the month range. Must be greater than dayOfMonthStart. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 1,
                                "maximum": 31
                            },
                            "monthStart": {
                                "description": "Defines the month that access must be granted. You can also specify a range of months. In this case, permission is granted only if the current month is between or equal to the two values specified. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 1,
                                "maximum": 12
                            },
                            "monthEnd": {
                                "description": "Defines the end of the month range. Must be greater than monthStart. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 1,
                                "maximum": 12
                            },
                            "hourStart": {
                                "description": "Defines the hour that access must be granted. You can also specify a range of hours. In this case, permission is granted only if the current hour is between or equal to the two values specified. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 0,
                                "maximum": 23
                            },
                            "hourEnd": {
                                "description": "Defines the end of the hour range. Must be greater than hourStart. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 0,
                                "maximum": 23
                            },
                            "minuteStart": {
                                "description": "Defines the minute that access must be granted. You can also specify a range of minutes. In this case, permission is granted only if the current minute is between or equal to the two values specified. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 0,
                                "maximum": 59
                            },
                            "minuteEnd": {
                                "description": "Defines the end of the minutes range. Must be greater than minuteStart. Ignored if repeat is false.",
                                "type": "integer",
                                "minimum": 0,
                                "maximum": 59,
                                "min": "${minuteStart}"
                            },
                            "logic": {
                                "description": "Policies can be configured with positive or negative logic. Briefly, you can use this option to define whether the policy result should be kept as it is or be negated.",
                                "type": "string",
                                "enum": [
                                    "positive",
                                    "negative"
                                ],
                                "default": "positive"
                            }
                        }
                    },
                    "rolePolicy": {
                        "type": "object",
                        "description": "Object containing the details of the aggregated policy.",
                        "properties": {
                            "roles": {
                                "description": "Specifies which roles are permitted by this policy. Required",
                                "type": "array",
                                "items": {
                                    "type": "object",
                                    "description": "Object containing the details of the aggregated policy.",
                                    "required": [
                                        "id"
                                    ],
                                    "properties": {
                                        "id": {
                                            "description": "Specifies a role permitted by this policy. Required.",
                                            "type": "string",
                                            "format": "uuid"
                                        },
                                        "required": {
                                            "description": "When creating a role-based policy, you can specify a specific role as Required. When you do that, the policy will grant access only if the user requesting access has been granted all the required roles.",
                                            "type": "boolean",
                                            "default": false
                                        }
                                    }
                                }
                            },
                            "logic": {
                                "description": "The logic to apply for this policy.",
                                "type": "string",
                                "enum": [
                                    "positive",
                                    "negative"
                                ],
                                "default": "positive"
                            }
                        },
                        "required": [
                            "roles"
                        ]
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                },
                "required": [
                    "name",
                    "type"
                ]
            }
        },
        "totalRecords": {
            "description": "The total number of roles matching the provided criteria",
            "type": "integer"
        }
    }
}
findroles(**kwargs)

Get roles by query

GET /roles

Keyword Arguments
  • query (str) – A query string to filter users based on matching criteria in fields.

  • limit (int) – Limit the number of elements returned in the response. (default: 10, minimum: 0)

  • offset (int) – Skip over a number of elements by specifying an offset value for the query. (default: 0, minimum: 0)

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "id": "roles.json",
    "title": "Roles schema",
    "description": "Roles",
    "type": "object",
    "properties": {
        "roles": {
            "description": "Role identifier",
            "type": "array",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "id": "role.json",
                "title": "Role schema",
                "description": "Role",
                "type": "object",
                "properties": {
                    "id": {
                        "description": "Role identifier",
                        "type": "string",
                        "format": "uuid"
                    },
                    "name": {
                        "description": "A human-readable name/label for this role",
                        "type": "string"
                    },
                    "description": {
                        "description": "Free form description of the role",
                        "type": "string"
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                },
                "required": [
                    "name"
                ]
            },
            "nullable": false
        },
        "totalRecords": {
            "description": "The total number of roles matching the provided criteria",
            "type": "integer"
        }
    },
    "required": [
        "roles"
    ]
}
finduserroles(**kwargs)

Search user-role relations by CQL query

GET /roles/users

Keyword Arguments
  • query (str) – A query string to filter users based on matching criteria in fields.

  • limit (int) – Limit the number of elements returned in the response. (default: 10, minimum: 0)

  • offset (int) – Skip over a number of elements by specifying an offset value for the query. (default: 0, minimum: 0)

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "id": "userRoles.json",
    "title": "List of User-Role Relation Items Schema",
    "description": "List of user-role relation items",
    "type": "object",
    "properties": {
        "userRoles": {
            "description": "List of user-role relation items",
            "type": "array",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "id": "userRole.json",
                "title": "User-Role Relation Model Schema",
                "description": "User-role relation model",
                "type": "object",
                "properties": {
                    "userId": {
                        "type": "string",
                        "format": "uuid",
                        "description": "ID of the user"
                    },
                    "roleId": {
                        "type": "string",
                        "format": "uuid",
                        "description": "Role identifier"
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                },
                "required": [
                    "userId",
                    "roleId"
                ]
            },
            "nullable": false
        },
        "totalRecords": {
            "description": "The total number of user-role relation items matching the provided criteria",
            "type": "integer"
        }
    }
}
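Added example, not part of foliolib or its documentation: findroles and finduserroles return only 10 records unless limit is raised, and totalRecords is not a required property of either response, so an access review has to page with limit and offset and must not rely on totalRecords alone. StubRolesApi, fetch_all, review_assignments and the sample records are hypothetical names and constructed data; the stub stands in for a Roleskeycloak(tenant) instance.

```python
"""Page through the role endpoints and build a user -> role-names review map."""
import uuid
from collections import defaultdict


def fetch_all(fetch, key, page_size=100):
    """Collect every record from a paged call such as findroles/finduserroles.

    fetch -- callable accepting limit= and offset= keyword arguments
    key   -- array property in the response ("roles" or "userRoles")
    """
    records, offset = [], 0
    while True:
        page = fetch(limit=page_size, offset=offset)
        batch = page.get(key) or []
        records.extend(batch)
        offset += len(batch)
        total = page.get("totalRecords")
        # Stop on an empty page (covers a missing totalRecords) or once the
        # reported total has been read.
        if not batch or (total is not None and offset >= total):
            return records


def review_assignments(api):
    """Return ({userId: {role names}}, {(userId, roleId) with no matching role})."""
    roles = {r["id"]: r["name"]
             for r in fetch_all(api.findroles, "roles") if "id" in r}
    by_user, dangling = defaultdict(set), set()
    for rel in fetch_all(api.finduserroles, "userRoles"):
        if rel["roleId"] in roles:
            by_user[rel["userId"]].add(roles[rel["roleId"]])
        else:
            # Assignment points at a role id that findroles does not return.
            dangling.add((rel["userId"], rel["roleId"]))
    return dict(by_user), dangling


class StubRolesApi:
    """Offline stand-in (assumption) with the two documented method signatures."""

    def __init__(self, roles, user_roles):
        self._roles, self._user_roles = roles, user_roles

    @staticmethod
    def _page(items, key, limit=10, offset=0, **_ignored):
        # Same defaults as the documented keyword arguments: limit 10, offset 0.
        return {key: items[offset:offset + limit], "totalRecords": len(items)}

    def findroles(self, **kwargs):
        return self._page(self._roles, "roles", **kwargs)

    def finduserroles(self, **kwargs):
        return self._page(self._user_roles, "userRoles", **kwargs)


def _uid(n):
    """Deterministic UUID string for the constructed sample records."""
    return str(uuid.UUID(int=n))


# Constructed sample data: 3 roles, 24 valid assignments, 1 dangling assignment.
ROLES = [{"id": _uid(i), "name": name}
         for i, name in enumerate(["circ-admin", "circ-desk", "cataloger"], start=1)]
USER_ROLES = [{"userId": _uid(100 + i), "roleId": _uid(1 + i % 3)} for i in range(24)]
USER_ROLES.append({"userId": _uid(200), "roleId": _uid(99)})  # no role has id 99


def demo():
    api = StubRolesApi(ROLES, USER_ROLES)
    first_page_only = api.finduserroles()["userRoles"]  # default limit applies
    by_user, dangling = review_assignments(api)
    return len(first_page_only), len(by_user), dangling


if __name__ == "__main__":
    seen_unpaged, users_reviewed, dangling = demo()
    print(f"unpaged call saw {seen_unpaged} of {len(USER_ROLES)} assignments")
    print(f"paged review covered {users_reviewed} users, dangling: {sorted(dangling)}")
```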
getcapabilitybyid(id_)

Get capability by ID

GET /capabilities/{id}

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestNotFound – Not found error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "type": "object",
    "title": "Capability Set Object Schema",
    "description": "Object containing the details of the capability set",
    "properties": {
        "id": {
            "description": "A unique identifier for this capability",
            "type": "string",
            "format": "uuid"
        },
        "name": {
            "description": "a human-readable name/label for this capability.  Takes the form of {resourceName}.{scope}, e.g. item.create",
            "type": "string",
            "readOnly": true
        },
        "description": {
            "description": "Free form description of the capability",
            "type": "string"
        },
        "resource": {
            "description": "The resource this capability is associated with, e.g. item",
            "type": "string",
            "pattern": "^[A-Za-z\\s]+$"
        },
        "action": {
            "$schema": "http://json-schema.org/draft-04/schema#",
            "description": "The action this capability is associated with, e.g. create",
            "type": "string",
            "enum": [
                "view",
                "create",
                "edit",
                "delete",
                "manage",
                "execute"
            ]
        },
        "applicationId": {
            "description": "The id of the application which defines the capability",
            "type": "string"
        },
        "permission": {
            "description": "Folio permission name",
            "type": "string"
        },
        "endpoints": {
            "type": "array",
            "description": "List of assigned endpoints",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "type": "object",
                "id": "endpoint.json",
                "description": "Object containing the details of the http-endpoint.",
                "properties": {
                    "path": {
                        "type": "string",
                        "description": "Endpoint's static path / expression"
                    },
                    "method": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "description": "Http Method",
                        "type": "string",
                        "enum": [
                            "GET",
                            "HEAD",
                            "POST",
                            "PUT",
                            "PATCH",
                            "DELETE",
                            "OPTIONS",
                            "TRACE"
                        ]
                    }
                }
            }
        },
        "type": {
            "$schema": "http://json-schema.org/draft-04/schema#",
            "description": "The type of capability",
            "type": "string",
            "enum": [
                "settings",
                "data",
                "procedural"
            ]
        },
        "metadata": {
            "$schema": "http://json-schema.org/draft-04/schema#",
            "title": "Metadata Schema",
            "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
            "type": "object",
            "properties": {
                "createdDate": {
                    "description": "Date and time when the record was created",
                    "type": "string",
                    "format": "date-time"
                },
                "createdBy": {
                    "description": "ID of the user who created the record (when available)",
                    "type": "string",
                    "format": "uuid"
                },
                "modifiedDate": {
                    "description": "Date and time when the record was last updated",
                    "type": "string",
                    "format": "date-time"
                },
                "modifiedBy": {
                    "description": "ID of the user who last updated the record (when available)",
                    "type": "string",
                    "format": "uuid"
                }
            },
            "additionalProperties": false
        }
    },
    "required": [
        "resource",
        "action",
        "permissions",
        "type",
        "applicationId"
    ]
}
getcapabilitysetbyid(id_)

Get capability set by ID

GET /capability-sets/{id}

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestNotFound – Not found error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "type": "object",
    "title": "Capability Set Object Schema",
    "description": "Object containing the details of the capability set",
    "properties": {
        "id": {
            "description": "A unique identifier for this capability",
            "type": "string",
            "format": "uuid"
        },
        "name": {
            "description": "a human-readable name/label for this capability.  Takes the form of {resourceName}.{scope}, e.g. item.create",
            "type": "string",
            "readOnly": true
        },
        "description": {
            "description": "Free form description of the capability",
            "type": "string"
        },
        "resource": {
            "description": "The resource this capability is associated with, e.g. item",
            "type": "string",
            "pattern": "^[A-Za-z\\s]+$"
        },
        "action": {
            "$schema": "http://json-schema.org/draft-04/schema#",
            "description": "The action this capability is associated with, e.g. create",
            "type": "string",
            "enum": [
                "view",
                "create",
                "edit",
                "delete",
                "manage",
                "execute"
            ]
        },
        "applicationId": {
            "description": "The id of the application which defines the capability",
            "type": "string"
        },
        "type": {
            "$schema": "http://json-schema.org/draft-04/schema#",
            "description": "The type of capability",
            "type": "string",
            "enum": [
                "settings",
                "data",
                "procedural"
            ]
        },
        "capabilities": {
            "description": "List with assigned capability ids",
            "type": "array",
            "minItems": 1,
            "items": {
                "type": "string",
                "description": "Capability identifier",
                "format": "uuid"
            }
        },
        "metadata": {
            "$schema": "http://json-schema.org/draft-04/schema#",
            "title": "Metadata Schema",
            "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
            "type": "object",
            "properties": {
                "createdDate": {
                    "description": "Date and time when the record was created",
                    "type": "string",
                    "format": "date-time"
                },
                "createdBy": {
                    "description": "ID of the user who created the record (when available)",
                    "type": "string",
                    "format": "uuid"
                },
                "modifiedDate": {
                    "description": "Date and time when the record was last updated",
                    "type": "string",
                    "format": "date-time"
                },
                "modifiedBy": {
                    "description": "ID of the user who last updated the record (when available)",
                    "type": "string",
                    "format": "uuid"
                }
            },
            "additionalProperties": false
        }
    },
    "required": [
        "resource",
        "action",
        "permissions",
        "type",
        "applicationId"
    ]
}
getcapabilitysetsbyroleid(id_, **kwargs)

Get capability sets assigned to role by role identifier

GET /roles/{id}/capability-sets

Keyword Arguments
  • limit (int) – Limit the number of elements returned in the response. (default: 10, minimum: 0)

  • offset (int) – Skip over a number of elements by specifying an offset value for the query. (default: 0, minimum: 0)

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "Capability Sets Object Schema",
    "description": "Response body containing capability set records",
    "type": "object",
    "properties": {
        "capabilitySets": {
            "description": "A collection of capability sets",
            "type": "array",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "type": "object",
                "title": "Capability Set Object Schema",
                "description": "Object containing the details of the capability set",
                "properties": {
                    "id": {
                        "description": "A unique identifier for this capability",
                        "type": "string",
                        "format": "uuid"
                    },
                    "name": {
                        "description": "a human-readable name/label for this capability.  Takes the form of {resourceName}.{scope}, e.g. item.create",
                        "type": "string",
                        "readOnly": true
                    },
                    "description": {
                        "description": "Free form description of the capability",
                        "type": "string"
                    },
                    "resource": {
                        "description": "The resource this capability is associated with, e.g. item",
                        "type": "string",
                        "pattern": "^[A-Za-z\\s]+$"
                    },
                    "action": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "description": "The action this capability is associated with, e.g. create",
                        "type": "string",
                        "enum": [
                            "view",
                            "create",
                            "edit",
                            "delete",
                            "manage",
                            "execute"
                        ]
                    },
                    "applicationId": {
                        "description": "The id of the application which defines the capability",
                        "type": "string"
                    },
                    "type": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "description": "The type of capability",
                        "type": "string",
                        "enum": [
                            "settings",
                            "data",
                            "procedural"
                        ]
                    },
                    "capabilities": {
                        "description": "List with assigned capability ids",
                        "type": "array",
                        "minItems": 1,
                        "items": {
                            "type": "string",
                            "description": "Capability identifier",
                            "format": "uuid"
                        }
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                },
                "required": [
                    "resource",
                    "action",
                    "permissions",
                    "type",
                    "applicationId"
                ]
            },
            "minItems": 1
        },
        "totalRecords": {
            "readOnly": true,
            "description": "The total number of records matching the provided criteria",
            "type": "integer",
            "format": "int64"
        }
    },
    "required": [
        "capabilities"
    ]
}
getcapabilitysetsbyuserid(id_, **kwargs)

Retrieve capability sets assigned to user by user identifier

GET /users/{id}/capability-sets

Keyword Arguments
  • limit (int) – Limit the number of elements returned in the response. (default: 10, minimum: 0)

  • offset (int) – Skip over a number of elements by specifying an offset value for the query. (default: 0, minimum: 0)

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "Capability Sets Object Schema",
    "description": "Response body containing capability set records",
    "type": "object",
    "properties": {
        "capabilitySets": {
            "description": "A collection of capability sets",
            "type": "array",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "type": "object",
                "title": "Capability Set Object Schema",
                "description": "Object containing the details of the capability set",
                "properties": {
                    "id": {
                        "description": "A unique identifier for this capability",
                        "type": "string",
                        "format": "uuid"
                    },
                    "name": {
                        "description": "a human-readable name/label for this capability.  Takes the form of {resourceName}.{scope}, e.g. item.create",
                        "type": "string",
                        "readOnly": true
                    },
                    "description": {
                        "description": "Free form description of the capability",
                        "type": "string"
                    },
                    "resource": {
                        "description": "The resource this capability is associated with, e.g. item",
                        "type": "string",
                        "pattern": "^[A-Za-z\\s]+$"
                    },
                    "action": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "description": "The action this capability is associated with, e.g. create",
                        "type": "string",
                        "enum": [
                            "view",
                            "create",
                            "edit",
                            "delete",
                            "manage",
                            "execute"
                        ]
                    },
                    "applicationId": {
                        "description": "The id of the application which defines the capability",
                        "type": "string"
                    },
                    "type": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "description": "The type of capability",
                        "type": "string",
                        "enum": [
                            "settings",
                            "data",
                            "procedural"
                        ]
                    },
                    "capabilities": {
                        "description": "List with assigned capability ids",
                        "type": "array",
                        "minItems": 1,
                        "items": {
                            "type": "string",
                            "description": "Capability identifier",
                            "format": "uuid"
                        }
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                },
                "required": [
                    "resource",
                    "action",
                    "permissions",
                    "type",
                    "applicationId"
                ]
            },
            "minItems": 1
        },
        "totalRecords": {
            "readOnly": true,
            "description": "The total number of records matching the provided criteria",
            "type": "integer",
            "format": "int64"
        }
    },
    "required": [
        "capabilities"
    ]
}
getpermissionsuser(id_, **kwargs)

Get permissions by user ID

GET /permissions/users/{id}

Keyword Arguments

onlyVisible (bool) – Return only visible permission sets (default: False)

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestNotImplemented – Operation is not supported error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "Permissions User Schema",
    "description": "Permissions user",
    "type": "object",
    "properties": {
        "userId": {
            "description": "Id of the user",
            "type": "string",
            "format": "uuid"
        },
        "permissions": {
            "description": "List of permissions assigned to the user",
            "type": "array",
            "minItems": 1,
            "items": {
                "description": "Permission names assigned to the user",
                "type": "string"
            }
        }
    },
    "required": [
        "userId",
        "permissions"
    ]
}
getpolicy(id_)

Get policy by ID

GET /policies/{id}

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestNotFound – Not found error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "type": "object",
    "description": "Object containing the details of the policy.",
    "properties": {
        "id": {
            "description": "A unique identifier for this policy. System-generated if not provided.",
            "type": "string",
            "format": "uuid"
        },
        "name": {
            "description": "A human-readable name/label for this policy. Required.",
            "type": "string"
        },
        "description": {
            "description": "Free form description of the policy. Optional.",
            "type": "string"
        },
        "type": {
            "$schema": "http://json-schema.org/draft-04/schema#",
            "description": "The type of policy. Required.",
            "type": "string",
            "enum": [
                "USER",
                "TIME",
                "ROLE"
            ]
        },
        "userPolicy": {
            "type": "object",
            "description": "Object containing the details of the user-based policy",
            "properties": {
                "users": {
                    "description": "Collection of user IDs. Required.",
                    "type": "array",
                    "items": {
                        "type": "string",
                        "format": "uuid"
                    }
                },
                "logic": {
                    "description": "The logic to apply for this policy.",
                    "type": "string",
                    "enum": [
                        "positive",
                        "negative"
                    ],
                    "default": "positive",
                    "examples": [
                        "positive",
                        "negative"
                    ]
                }
            },
            "required": [
                "users"
            ],
            "example": {
                "id": "3f3f3f3f-3f3f-3333-3f3f-3f3f3f3f3f3f",
                "name": "user_based_policy",
                "description": "This policy is meant to be an example",
                "users": [
                    "f7f7f7f7-7777-f7f7-f7f7-f7f7f7f7f7f7",
                    "7f7f7f7f-7f7f-7777-7f7f-7f7f7f7f7f7f"
                ],
                "logic": "positive"
            }
        },
        "timePolicy": {
            "type": "object",
            "description": "Object containing the details of the time-based policy.",
            "required": [],
            "properties": {
                "repeat": {
                    "description": "Whether or not to repeat the policy.",
                    "type": "boolean",
                    "default": false
                },
                "start": {
                    "description": "Defines the time before which access must not be granted. Permission is granted only if the current date/time is later than or equal to this value. Ignored if repeat is true.",
                    "type": "string",
                    "format": "date-time"
                },
                "expires": {
                    "description": "Defines the time after which access must not be granted. Permission is granted only if the current date/time is earlier than or equal to this value. Must be greater than the start time. Ignored if repeat is true.",
                    "type": "string",
                    "format": "date-time"
                },
                "dayOfMonthStart": {
                    "description": "Defines the day of the month that access must be granted. You can also specify a range of dates. In this case, permission is granted only if the current day of the month is between or equal to the two values specified. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 1,
                    "maximum": 31
                },
                "dayOfMonthEnd": {
                    "description": "Defines the end of the day of the month range. Must be greater than dayOfMonthStart. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 1,
                    "maximum": 31
                },
                "monthStart": {
                    "description": "Defines the month that access must be granted. You can also specify a range of months. In this case, permission is granted only if the current month is between or equal to the two values specified. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 1,
                    "maximum": 12
                },
                "monthEnd": {
                    "description": "Defines the end of the month range. Must be greater than monthStart. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 1,
                    "maximum": 12
                },
                "hourStart": {
                    "description": "Defines the hour that access must be granted. You can also specify a range of hours. In this case, permission is granted only if the current hour is between or equal to the two values specified. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 0,
                    "maximum": 23
                },
                "hourEnd": {
                    "description": "Defines the end of the hour range. Must be greater than hourStart. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 0,
                    "maximum": 23
                },
                "minuteStart": {
                    "description": "Defines the minute that access must be granted. You can also specify a range of minutes. In this case, permission is granted only if the current minute is between or equal to the two values specified. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 0,
                    "maximum": 59
                },
                "minuteEnd": {
                    "description": "Defines the end of the minutes range. Must be greater than minuteStart. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 0,
                    "maximum": 59,
                    "min": "${minuteStart}"
                },
                "logic": {
                    "description": "Policies can be configured with positive or negative logic. Briefly, you can use this option to define whether the policy result should be kept as it is or be negated.",
                    "type": "string",
                    "enum": [
                        "positive",
                        "negative"
                    ],
                    "default": "positive"
                }
            }
        },
        "rolePolicy": {
            "type": "object",
            "description": "Object containing the details of the aggregated policy.",
            "properties": {
                "roles": {
                    "description": "Specifies which roles are permitted by this policy. Required",
                    "type": "array",
                    "items": {
                        "type": "object",
                        "description": "Object containing the details of the aggregated policy.",
                        "required": [
                            "id"
                        ],
                        "properties": {
                            "id": {
                                "description": "Specifies a role permitted by this policy. Required.",
                                "type": "string",
                                "format": "uuid"
                            },
                            "required": {
                                "description": "When creating a role-based policy, you can specify a specific role as Required. When you do that, the policy will grant access only if the user requesting access has been granted all the required roles.",
                                "type": "boolean",
                                "default": false
                            }
                        }
                    }
                },
                "logic": {
                    "description": "The logic to apply for this policy.",
                    "type": "string",
                    "enum": [
                        "positive",
                        "negative"
                    ],
                    "default": "positive"
                }
            },
            "required": [
                "roles"
            ]
        },
        "metadata": {
            "$schema": "http://json-schema.org/draft-04/schema#",
            "title": "Metadata Schema",
            "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
            "type": "object",
            "properties": {
                "createdDate": {
                    "description": "Date and time when the record was created",
                    "type": "string",
                    "format": "date-time"
                },
                "createdBy": {
                    "description": "ID of the user who created the record (when available)",
                    "type": "string",
                    "format": "uuid"
                },
                "modifiedDate": {
                    "description": "Date and time when the record was last updated",
                    "type": "string",
                    "format": "date-time"
                },
                "modifiedBy": {
                    "description": "ID of the user who last updated the record (when available)",
                    "type": "string",
                    "format": "uuid"
                }
            },
            "additionalProperties": false
        }
    },
    "required": [
        "name",
        "type"
    ]
}
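The timePolicy descriptions above state cross-field rules (an End value must be greater than its Start, some fields are ignored depending on repeat) that the JSON Schema keywords do not enforce. The following is an added example, not code from foliolib or mod-roles-keycloak: a lint for a policy dict before it is passed to createpolicy. The names lint_policy, lint_time, SAMPLE_POLICIES and the finding texts are hypothetical, and the sample policies are constructed.

```python
from datetime import datetime

# (start key, end key, minimum, maximum) pairs taken from the timePolicy schema.
RANGES = [
    ("dayOfMonthStart", "dayOfMonthEnd", 1, 31),
    ("monthStart", "monthEnd", 1, 12),
    ("hourStart", "hourEnd", 0, 23),
    ("minuteStart", "minuteEnd", 0, 59),
]
BODY_KEY = {"USER": "userPolicy", "TIME": "timePolicy", "ROLE": "rolePolicy"}


def parse_dt(value):
    """Parse a date-time string; map a trailing 'Z' for older Python versions."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def lint_time(body):
    """Check the cross-field rules stated in the timePolicy descriptions."""
    findings, effective = [], 0
    repeat = body.get("repeat", False)
    for key in ("start", "expires"):
        if key in body:
            if repeat:
                findings.append(f"{key} is ignored because repeat is true")
            else:
                effective += 1
    if not repeat and "start" in body and "expires" in body:
        try:
            if parse_dt(body["expires"]) <= parse_dt(body["start"]):
                findings.append("expires is not greater than start")
        except (ValueError, TypeError, AttributeError):
            findings.append("start/expires are not comparable date-times")
    for lo_key, hi_key, lo, hi in RANGES:
        valid = {}
        for key in (lo_key, hi_key):
            if key not in body:
                continue
            value = body[key]
            if not repeat:
                findings.append(f"{key} is ignored because repeat is false")
            elif not isinstance(value, int) or not lo <= value <= hi:
                findings.append(f"{key}={value!r} is outside {lo}..{hi}")
            else:
                valid[key] = value
                effective += 1
        if len(valid) == 2 and valid[hi_key] <= valid[lo_key]:
            findings.append(f"{hi_key} ({valid[hi_key]}) is not greater than "
                            f"{lo_key} ({valid[lo_key]})")
    if effective == 0:
        findings.append("no effective time constraint is set")
    return findings


def lint_policy(policy):
    """Return review findings for one policy dict shaped like the schema above."""
    findings = [f"missing required field '{f}'"
                for f in ("name", "type") if not policy.get(f)]
    ptype = policy.get("type")
    if ptype not in BODY_KEY:
        return findings + [f"type {ptype!r} is not one of USER, TIME, ROLE"]
    body = policy.get(BODY_KEY[ptype])
    if not isinstance(body, dict):
        return findings + [f"type {ptype} has no '{BODY_KEY[ptype]}' object"]
    if body.get("logic", "positive") == "negative":
        findings.append("logic is 'negative': the policy result is negated")
    if ptype == "USER" and not body.get("users"):
        findings.append("userPolicy.users is required and empty")
    if ptype == "ROLE" and not body.get("roles"):
        findings.append("rolePolicy.roles is required and empty")
    if ptype == "TIME":
        findings.extend(lint_time(body))
    return findings


# Constructed sample policies (not taken from any real tenant).
SAMPLE_POLICIES = {
    "overnight": {"name": "overnight", "type": "TIME", "timePolicy": {
        "repeat": True, "hourStart": 18, "hourEnd": 9,
        "expires": "2030-01-01T00:00:00Z"}},
    "negated": {"name": "contractors", "type": "USER", "userPolicy": {
        "users": ["f7f7f7f7-7777-f7f7-f7f7-f7f7f7f7f7f7"], "logic": "negative"}},
    "reversed": {"name": "window", "type": "TIME", "timePolicy": {
        "start": "2025-06-01T00:00:00Z", "expires": "2025-01-01T00:00:00Z"}},
    "clean": {"name": "admins", "type": "ROLE", "rolePolicy": {"roles": [
        {"id": "3f3f3f3f-3f3f-3333-3f3f-3f3f3f3f3f3f", "required": True}]}},
}

if __name__ == "__main__":
    for label, policy in SAMPLE_POLICIES.items():
        print(label, lint_policy(policy))
```

A negated policy is reported as a finding rather than an error because it is valid input; it is listed so that a reviewer confirms the inversion is intended.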
getrole(id_)

Get role by ID

GET /roles/{id}

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestNotFound – Not found error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "id": "role.json",
    "title": "Role schema",
    "description": "Role",
    "type": "object",
    "properties": {
        "id": {
            "description": "Role identifier",
            "type": "string",
            "format": "uuid"
        },
        "name": {
            "description": "A human-readable name/label for this role",
            "type": "string"
        },
        "description": {
            "description": "Free form description of the role",
            "type": "string"
        },
        "metadata": {
            "$schema": "http://json-schema.org/draft-04/schema#",
            "title": "Metadata Schema",
            "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
            "type": "object",
            "properties": {
                "createdDate": {
                    "description": "Date and time when the record was created",
                    "type": "string",
                    "format": "date-time"
                },
                "createdBy": {
                    "description": "ID of the user who created the record (when available)",
                    "type": "string",
                    "format": "uuid"
                },
                "modifiedDate": {
                    "description": "Date and time when the record was last updated",
                    "type": "string",
                    "format": "date-time"
                },
                "modifiedBy": {
                    "description": "ID of the user who last updated the record (when available)",
                    "type": "string",
                    "format": "uuid"
                }
            },
            "additionalProperties": false
        }
    },
    "required": [
        "name"
    ]
}
getrolecapabilities(**kwargs)

Get role-capability relation items by CQL query and pagination parameters

GET /roles/capabilities

Keyword Arguments
  • query (str) – A query string to filter users based on matching criteria in fields.

  • limit (int) – Limit the number of elements returned in the response. (default: 10, minimum: 0)

  • offset (int) – Skip over a number of elements by specifying an offset value for the query. (default: 0, minimum: 0)

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "Role-Capabilities Objects Schema",
    "description": "Response body containing role-capabilities relations for search request",
    "type": "object",
    "properties": {
        "totalRecords": {
            "description": "The total number of role-capability objects matching the provided criteria",
            "type": "integer",
            "format": "int64"
        },
        "roleCapabilities": {
            "description": "List with found/created role-capability relations",
            "type": "array",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "title": "Role-Capability Relation Schema",
                "description": "Role-Capability Relation Schema",
                "type": "object",
                "properties": {
                    "roleId": {
                        "description": "Role identifier as UUID",
                        "type": "string",
                        "format": "uuid"
                    },
                    "capabilityId": {
                        "description": "Capability identifier as UUID",
                        "type": "string",
                        "format": "uuid"
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                }
            }
        }
    }
}
getrolecapabilitysets(**kwargs)

Get role-capability-set relation items by CQL query

GET /roles/capability-sets

Keyword Arguments
  • query (str) – A query string to filter users based on matching criteria in fields.

  • limit (int) – Limit the number of elements returned in the response. (default: 10, minimum: 0)

  • offset (int) – Skip over a number of elements by specifying an offset value for the query. (default: 0, minimum: 0)

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "Role-Capability Set Objects Schema",
    "description": "Response body containing role-capabilitySet relations for search request",
    "type": "object",
    "properties": {
        "totalRecords": {
            "description": "The total number of role-capability objects matching the provided criteria",
            "type": "integer",
            "format": "int64"
        },
        "roleCapabilitySets": {
            "description": "List with found/created role-capabilitySet relations",
            "type": "array",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "title": "Role-Capability Set Relation Schema",
                "description": "Role-Capability Set Relation Schema",
                "type": "object",
                "properties": {
                    "roleId": {
                        "description": "Role identifier as UUID",
                        "type": "string",
                        "format": "uuid"
                    },
                    "capabilitySetId": {
                        "description": "Capability set identifier as UUID",
                        "type": "string",
                        "format": "uuid"
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                }
            }
        }
    }
}
getusercapabilities(**kwargs)

Search user capabilities by CQL query

GET /users/capabilities

Keyword Arguments
  • query (str) – A query string to filter users based on matching criteria in fields.

  • limit (int) – Limit the number of elements returned in the response. (default: 10, minimum: 0)

  • offset (int) – Skip over a number of elements by specifying an offset value for the query. (default: 0, minimum: 0)

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "User Capabilities Schema",
    "description": "User capabilities collection",
    "type": "object",
    "properties": {
        "totalRecords": {
            "description": "The total number of records matching the provided criteria",
            "type": "integer",
            "format": "int64"
        },
        "userCapabilities": {
            "description": "List with found/created user-capability relations",
            "type": "array",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "title": "User Capability Schema",
                "description": "User Capability",
                "type": "object",
                "properties": {
                    "userId": {
                        "description": "User identifier as UUID",
                        "type": "string",
                        "format": "uuid"
                    },
                    "capabilityId": {
                        "description": "Capability identifier as UUID",
                        "type": "string",
                        "format": "uuid"
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                },
                "required": [
                    "userId",
                    "capabilityId"
                ]
            }
        }
    }
}
getusercapabilitysets(**kwargs)

Get user capabilities by CQL query and pagination parameters

GET /users/capability-sets

Keyword Arguments
  • query (str) – A query string to filter users based on matching criteria in fields.

  • limit (int) – Limit the number of elements returned in the response. (default: 10, minimum: 0)

  • offset (int) – Skip over a number of elements by specifying an offset value for the query. (default: 0, minimum: 0)

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "User Capability Set Schema",
    "description": "User capability set collection",
    "type": "object",
    "properties": {
        "totalRecords": {
            "readOnly": true,
            "description": "The total number of records matching the provided criteria",
            "type": "integer",
            "format": "int64"
        },
        "userCapabilitySets": {
            "description": "List with found/created user-capabilitySet relations",
            "type": "array",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "title": "User Capability Set Schema",
                "description": "User Capability Set",
                "type": "object",
                "properties": {
                    "userId": {
                        "description": "User identifier as UUID",
                        "type": "string",
                        "format": "uuid"
                    },
                    "capabilitySetId": {
                        "description": "Capability Set identifier as UUID",
                        "type": "string",
                        "format": "uuid"
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                },
                "required": [
                    "userId",
                    "capabilityId"
                ]
            }
        }
    }
}
getuserroles(id_)

Get user roles by user ID

GET /roles/users/{id}

Returns

See Schema below.

Return type

dict

Raises
  • OkapiRequestNotFound – Not found error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "id": "userRoles.json",
    "title": "List of User-Role Relation Items Schema",
    "description": "List of user-role relation items",
    "type": "object",
    "properties": {
        "userRoles": {
            "description": "List of user-role relation items",
            "type": "array",
            "items": {
                "$schema": "http://json-schema.org/draft-04/schema#",
                "id": "userRole.json",
                "title": "User-Role Relation Model Schema",
                "description": "User-role relation model",
                "type": "object",
                "properties": {
                    "userId": {
                        "type": "string",
                        "format": "uuid",
                        "description": "ID of the user"
                    },
                    "roleId": {
                        "type": "string",
                        "format": "uuid",
                        "description": "Role identifier"
                    },
                    "metadata": {
                        "$schema": "http://json-schema.org/draft-04/schema#",
                        "title": "Metadata Schema",
                        "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
                        "type": "object",
                        "properties": {
                            "createdDate": {
                                "description": "Date and time when the record was created",
                                "type": "string",
                                "format": "date-time"
                            },
                            "createdBy": {
                                "description": "ID of the user who created the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            },
                            "modifiedDate": {
                                "description": "Date and time when the record was last updated",
                                "type": "string",
                                "format": "date-time"
                            },
                            "modifiedBy": {
                                "description": "ID of the user who last updated the record (when available)",
                                "type": "string",
                                "format": "uuid"
                            }
                        },
                        "additionalProperties": false
                    }
                },
                "required": [
                    "userId",
                    "roleId"
                ]
            },
            "nullable": false
        },
        "totalRecords": {
            "description": "The total number of user-role relation items matching the provided criteria",
            "type": "integer"
        }
    }
}
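The list endpoints above default to limit=10, so a single call can return fewer relations than totalRecords reports, and an access review built on one call silently misses assignments. The following is an added example, not foliolib's own code: it pages through getrolecapabilities and getusercapabilities and joins the results with getuserroles. FakeRolesApi, fetch_all, effective_capabilities and every ID are constructed stand-ins that only mirror the documented method names, keyword arguments and response shapes; capability sets are not expanded.

```python
class FakeRolesApi:
    """Constructed in-memory stand-in for Roleskeycloak, for offline runs only."""

    def __init__(self, user_roles, role_caps, user_caps):
        self._user_roles = user_roles
        self._role_caps = role_caps
        self._user_caps = user_caps

    @staticmethod
    def _page(items, key, limit=10, offset=0, **_ignored):
        # Mirrors the documented defaults: limit=10, offset=0.
        return {"totalRecords": len(items), key: items[offset:offset + limit]}

    def getuserroles(self, id_):
        rows = [r for r in self._user_roles if r["userId"] == id_]
        return {"userRoles": rows, "totalRecords": len(rows)}

    def getrolecapabilities(self, **kwargs):
        return self._page(self._role_caps, "roleCapabilities", **kwargs)

    def getusercapabilities(self, **kwargs):
        return self._page(self._user_caps, "userCapabilities", **kwargs)


def fetch_all(method, key, page_size=50):
    """Walk limit/offset pages until totalRecords items have been read."""
    items, offset = [], 0
    while True:
        page = method(limit=page_size, offset=offset)
        batch = page.get(key, [])
        items.extend(batch)
        offset += len(batch)
        total = page.get("totalRecords")
        # Stop on an empty page, or once the reported total has been reached.
        if not batch or (total is not None and offset >= total):
            return items


def effective_capabilities(api, user_id):
    """Resolve a user's capability IDs via roles and via direct assignment."""
    role_ids = {r["roleId"] for r in api.getuserroles(user_id)["userRoles"]}
    via_role = {
        rc["capabilityId"]
        for rc in fetch_all(api.getrolecapabilities, "roleCapabilities")
        if rc["roleId"] in role_ids
    }
    direct = {
        uc["capabilityId"]
        for uc in fetch_all(api.getusercapabilities, "userCapabilities")
        if uc["userId"] == user_id
    }
    return {
        "via_role": via_role,
        "direct": direct,
        # Grants that no assigned role accounts for; worth a manual look.
        "direct_only": direct - via_role,
    }


def build_sample_api():
    """Constructed data: U1 holds role R1 (25 capabilities) plus two direct grants."""
    user_roles = [{"userId": "U1", "roleId": "R1"}, {"userId": "U2", "roleId": "R2"}]
    role_caps = [{"roleId": "R1", "capabilityId": f"cap-{i:02d}"} for i in range(25)]
    role_caps += [{"roleId": "R2", "capabilityId": f"cap-{i:02d}"} for i in range(50, 55)]
    user_caps = [
        {"userId": "U1", "capabilityId": "cap-03"},
        {"userId": "U1", "capabilityId": "cap-99"},
        {"userId": "U2", "capabilityId": "cap-50"},
    ]
    return FakeRolesApi(user_roles, role_caps, user_caps)


if __name__ == "__main__":
    api = build_sample_api()
    first = api.getrolecapabilities()
    print("one call:", len(first["roleCapabilities"]), "of", first["totalRecords"])
    report = effective_capabilities(api, "U1")
    print("via role:", len(report["via_role"]), "direct only:", report["direct_only"])
```

Filtering is done client-side here so the example does not depend on CQL field names; against a real tenant the documented query argument can narrow each page request.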
migratepolicies()

Migrate user policies from mod-permission to Keycloak

POST /roles-keycloak/migrate

Raises
  • OkapiRequestError – Error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

updatecapabilityset(capabilitySet, id_)

Update a capability set

PUT /capability-sets/{id}

Parameters

capabilitySet (dict) – See Schema below.

Raises
  • OkapiRequestNotFound – Not found error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "type": "object",
    "title": "Capability Set Object Schema",
    "description": "Object containing the details of the capability set",
    "properties": {
        "id": {
            "description": "A unique identifier for this capability",
            "type": "string",
            "format": "uuid"
        },
        "name": {
            "description": "a human-readable name/label for this capability.  Takes the form of {resourceName}.{scope}, e.g. item.create",
            "type": "string",
            "readOnly": true
        },
        "description": {
            "description": "Free form description of the capability",
            "type": "string"
        },
        "resource": {
            "description": "The resource this capability is associated with, e.g. item",
            "type": "string",
            "pattern": "^[A-Za-z\\s]+$"
        },
        "action": {
            "$schema": "http://json-schema.org/draft-04/schema#",
            "description": "The action this capability is associated with, e.g. create",
            "type": "string",
            "enum": [
                "view",
                "create",
                "edit",
                "delete",
                "manage",
                "execute"
            ]
        },
        "applicationId": {
            "description": "The id of the application which defines the capability",
            "type": "string"
        },
        "type": {
            "$schema": "http://json-schema.org/draft-04/schema#",
            "description": "The type of capability",
            "type": "string",
            "enum": [
                "settings",
                "data",
                "procedural"
            ]
        },
        "capabilities": {
            "description": "List with assigned capability ids",
            "type": "array",
            "minItems": 1,
            "items": {
                "type": "string",
                "description": "Capability identifier",
                "format": "uuid"
            }
        },
        "metadata": {
            "$schema": "http://json-schema.org/draft-04/schema#",
            "title": "Metadata Schema",
            "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
            "type": "object",
            "properties": {
                "createdDate": {
                    "description": "Date and time when the record was created",
                    "type": "string",
                    "format": "date-time"
                },
                "createdBy": {
                    "description": "ID of the user who created the record (when available)",
                    "type": "string",
                    "format": "uuid"
                },
                "modifiedDate": {
                    "description": "Date and time when the record was last updated",
                    "type": "string",
                    "format": "date-time"
                },
                "modifiedBy": {
                    "description": "ID of the user who last updated the record (when available)",
                    "type": "string",
                    "format": "uuid"
                }
            },
            "additionalProperties": false
        }
    },
    "required": [
        "resource",
        "action",
        "permissions",
        "type",
        "applicationId"
    ]
}
updatepolicy(policy, id_)

Update a policy

PUT /policies/{id}

Parameters

policy (dict) – See Schema below.

Raises
  • OkapiRequestNotFound – Not found error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "type": "object",
    "description": "Object containing the details of the policy.",
    "properties": {
        "id": {
            "description": "A unique identifier for this policy. System-generated if not provided.",
            "type": "string",
            "format": "uuid"
        },
        "name": {
            "description": "A human-readable name/label for this policy. Required.",
            "type": "string"
        },
        "description": {
            "description": "Free form description of the policy. Optional.",
            "type": "string"
        },
        "type": {
            "$schema": "http://json-schema.org/draft-04/schema#",
            "description": "The type of policy. Required.",
            "type": "string",
            "enum": [
                "USER",
                "TIME",
                "ROLE"
            ]
        },
        "userPolicy": {
            "type": "object",
            "description": "Object containing the details of the user-based policy",
            "properties": {
                "users": {
                    "description": "Collection of user IDs. Required.",
                    "type": "array",
                    "items": {
                        "type": "string",
                        "format": "uuid"
                    }
                },
                "logic": {
                    "description": "The logic to apply for this policy.",
                    "type": "string",
                    "enum": [
                        "positive",
                        "negative"
                    ],
                    "default": "positive",
                    "examples": [
                        "positive",
                        "negative"
                    ]
                }
            },
            "required": [
                "users"
            ],
            "example": {
                "id": "3f3f3f3f-3f3f-3333-3f3f-3f3f3f3f3f3f",
                "name": "user_based_policy",
                "description": "This policy is meant to be an example",
                "users": [
                    "f7f7f7f7-7777-f7f7-f7f7-f7f7f7f7f7f7",
                    "7f7f7f7f-7f7f-7777-7f7f-7f7f7f7f7f7f"
                ],
                "logic": "positive"
            }
        },
        "timePolicy": {
            "type": "object",
            "description": "Object containing the details of the time-based policy.",
            "required": [],
            "properties": {
                "repeat": {
                    "description": "Whether or not to repeat the policy.",
                    "type": "boolean",
                    "default": false
                },
                "start": {
                    "description": "Defines the time before which access must not be granted. Permission is granted only if the current date/time is later than or equal to this value. Ignored if repeat is true.",
                    "type": "string",
                    "format": "date-time"
                },
                "expires": {
                    "description": "Defines the time after which access must not be granted. Permission is granted only if the current date/time is earlier than or equal to this value. Must be greater than the start time. Ignored if repeat is true.",
                    "type": "string",
                    "format": "date-time"
                },
                "dayOfMonthStart": {
                    "description": "Defines the day of the month that access must be granted. You can also specify a range of dates. In this case, permission is granted only if the current day of the month is between or equal to the two values specified. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 1,
                    "maximum": 31
                },
                "dayOfMonthEnd": {
                    "description": "Defines the end of the day of the month range. Must be greater than dayOfMonthStart. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 1,
                    "maximum": 31
                },
                "monthStart": {
                    "description": "Defines the month that access must be granted. You can also specify a range of months. In this case, permission is granted only if the current month is between or equal to the two values specified. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 1,
                    "maximum": 12
                },
                "monthEnd": {
                    "description": "Defines the end of the month range. Must be greater than monthStart. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 1,
                    "maximum": 12
                },
                "hourStart": {
                    "description": "Defines the hour that access must be granted. You can also specify a range of hours. In this case, permission is granted only if the current hour is between or equal to the two values specified. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 0,
                    "maximum": 23
                },
                "hourEnd": {
                    "description": "Defines the end of the hour range. Must be greater than hourStart. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 0,
                    "maximum": 23
                },
                "minuteStart": {
                    "description": "Defines the minute that access must be granted. You can also specify a range of minutes. In this case, permission is granted only if the current minute is between or equal to the two values specified. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 0,
                    "maximum": 59
                },
                "minuteEnd": {
                    "description": "Defines the end of the minutes range. Must be greater than minuteStart. Ignored if repeat is false.",
                    "type": "integer",
                    "minimum": 0,
                    "maximum": 59,
                    "min": "${minuteStart}"
                },
                "logic": {
                    "description": "Policies can be configured with positive or negative logic. Briefly, you can use this option to define whether the policy result should be kept as it is or be negated.",
                    "type": "string",
                    "enum": [
                        "positive",
                        "negative"
                    ],
                    "default": "positive"
                }
            }
        },
        "rolePolicy": {
            "type": "object",
            "description": "Object containing the details of the aggregated policy.",
            "properties": {
                "roles": {
                    "description": "Specifies which roles are permitted by this policy. Required",
                    "type": "array",
                    "items": {
                        "type": "object",
                        "description": "Object containing the details of the aggregated policy.",
                        "required": [
                            "id"
                        ],
                        "properties": {
                            "id": {
                                "description": "Specifies a role permitted by this policy. Required.",
                                "type": "string",
                                "format": "uuid"
                            },
                            "required": {
                                "description": "When creating a role-based policy, you can specify a specific role as Required. When you do that, the policy will grant access only if the user requesting access has been granted all the required roles.",
                                "type": "boolean",
                                "default": false
                            }
                        }
                    }
                },
                "logic": {
                    "description": "The logic to apply for this policy.",
                    "type": "string",
                    "enum": [
                        "positive",
                        "negative"
                    ],
                    "default": "positive"
                }
            },
            "required": [
                "roles"
            ]
        },
        "metadata": {
            "$schema": "http://json-schema.org/draft-04/schema#",
            "title": "Metadata Schema",
            "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
            "type": "object",
            "properties": {
                "createdDate": {
                    "description": "Date and time when the record was created",
                    "type": "string",
                    "format": "date-time"
                },
                "createdBy": {
                    "description": "ID of the user who created the record (when available)",
                    "type": "string",
                    "format": "uuid"
                },
                "modifiedDate": {
                    "description": "Date and time when the record was last updated",
                    "type": "string",
                    "format": "date-time"
                },
                "modifiedBy": {
                    "description": "ID of the user who last updated the record (when available)",
                    "type": "string",
                    "format": "uuid"
                }
            },
            "additionalProperties": false
        }
    },
    "required": [
        "name",
        "type"
    ]
}
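A pre-flight check for the body passed to updatepolicy(policy, id_), added here as an example and not part of foliolib: it applies the schema's required fields and numeric bounds, plus the "must be greater than" and "ignored if repeat is ..." rules that appear only in the field descriptions. The names check_policy, _check_time, OK_POLICY and BAD_POLICY are hypothetical, and treating a missing type-specific sub-object as an error is an assumption of this example.

```python
from datetime import datetime

# Sub-object that carries the details for each value of the "type" enum
POLICY_TYPES = {"USER": "userPolicy", "TIME": "timePolicy", "ROLE": "rolePolicy"}
# (start key, end key, minimum, maximum), copied from the timePolicy schema
RANGES = [("dayOfMonthStart", "dayOfMonthEnd", 1, 31), ("monthStart", "monthEnd", 1, 12),
          ("hourStart", "hourEnd", 0, 23), ("minuteStart", "minuteEnd", 0, 59)]


def _parse(ts):
    # Map a trailing "Z" to an explicit UTC offset so fromisoformat accepts it
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def _check_time(tp):
    problems = []
    repeat = tp.get("repeat", False)
    if not repeat and "start" in tp and "expires" in tp:
        if _parse(tp["expires"]) <= _parse(tp["start"]):
            problems.append("expires must be greater than start")
    if repeat and ("start" in tp or "expires" in tp):
        problems.append("start/expires ignored because repeat is true")
    for lo, hi, minimum, maximum in RANGES:
        for key in (lo, hi):
            if key in tp and not minimum <= tp[key] <= maximum:
                problems.append(f"{key} outside {minimum}..{maximum}")
        if lo in tp and hi in tp and tp[hi] <= tp[lo]:
            problems.append(f"{hi} must be greater than {lo}")
        if not repeat and (lo in tp or hi in tp):
            problems.append(f"{lo}/{hi} ignored because repeat is false")
    return problems


def check_policy(policy):
    """Return a list of problems; an empty list means nothing was found."""
    problems = [] if policy.get("name") else ["name is required"]
    ptype = policy.get("type")
    if ptype not in POLICY_TYPES:
        return problems + [f"type must be one of {sorted(POLICY_TYPES)}"]
    body = policy.get(POLICY_TYPES[ptype])
    if not isinstance(body, dict):
        # Assumption of this example: the schema does not itself require it
        return problems + [f"{POLICY_TYPES[ptype]} missing for type {ptype}"]
    if body.get("logic", "positive") not in ("positive", "negative"):
        problems.append("logic must be positive or negative")
    if ptype == "USER" and "users" not in body:
        problems.append("userPolicy.users is required")
    if ptype == "ROLE":
        if "roles" not in body:
            problems.append("rolePolicy.roles is required")
        elif any("id" not in role for role in body["roles"]):
            problems.append("every rolePolicy.roles entry needs an id")
    if ptype == "TIME":
        problems += _check_time(body)
    return problems


# Constructed sample bodies, not taken from the page
OK_POLICY = {"name": "business_hours", "type": "TIME",
             "timePolicy": {"repeat": True, "hourStart": 8, "hourEnd": 18}}
BAD_POLICY = {"name": "contractor_window", "type": "TIME", "timePolicy": {
    "start": "2025-01-01T00:00:00Z", "expires": "2024-12-31T00:00:00Z",
    "hourStart": 18, "hourEnd": 8}}
```

Findings that report a field as ignored deserve the first look: per the field descriptions, a time window that is ignored is not applied, so the policy is wider than the body suggests.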
updaterole(role, id_)

Update a role

PUT /roles/{id}

Parameters

role (dict) – See Schema below.

Raises
  • OkapiRequestNotFound – Not found error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "id": "role.json",
    "title": "Role schema",
    "description": "Role",
    "type": "object",
    "properties": {
        "id": {
            "description": "Role identifier",
            "type": "string",
            "format": "uuid"
        },
        "name": {
            "description": "A human-readable name/label for this role",
            "type": "string"
        },
        "description": {
            "description": "Free form description of the role",
            "type": "string"
        },
        "metadata": {
            "$schema": "http://json-schema.org/draft-04/schema#",
            "title": "Metadata Schema",
            "description": "Metadata about creation and changes to records, provided by the server (client should not provide)",
            "type": "object",
            "properties": {
                "createdDate": {
                    "description": "Date and time when the record was created",
                    "type": "string",
                    "format": "date-time"
                },
                "createdBy": {
                    "description": "ID of the user who created the record (when available)",
                    "type": "string",
                    "format": "uuid"
                },
                "modifiedDate": {
                    "description": "Date and time when the record was last updated",
                    "type": "string",
                    "format": "date-time"
                },
                "modifiedBy": {
                    "description": "ID of the user who last updated the record (when available)",
                    "type": "string",
                    "format": "uuid"
                }
            },
            "additionalProperties": false
        }
    },
    "required": [
        "name"
    ]
}
updaterolecapabilities(capabilitiesUpdateRequest, id_)

Modifies the set of capabilities assigned to the specified role.

PUT /roles/{id}/capabilities

Parameters

capabilitiesUpdateRequest (dict) – See Schema below.

Raises
  • OkapiRequestNotFound – Not found error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "id": "roleCapabilitiesUpdateRequest.json.json",
    "title": "Capability Relation Update Request Schema",
    "description": "Request body to update capabilities assigned to entity (role, user, etc.)",
    "type": "object",
    "properties": {
        "capabilityIds": {
            "description": "List of capability identifiers",
            "type": "array",
            "items": {
                "type": "string",
                "description": "Capability identifier",
                "format": "uuid"
            }
        }
    },
    "required": [
        "capabilityIds"
    ]
}
updaterolecapabilitysets(capabilitySetsUpdateRequest, id_)

Modifies the set of capability sets assigned to the specified role.

PUT /roles/{id}/capability-sets

Parameters

capabilitySetsUpdateRequest (dict) – See Schema below.

Raises
  • OkapiRequestNotFound – Not found error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "Capability Set Relation Update Request Schema",
    "description": "Request body to update capability sets assigned to entity (role, user, etc.)",
    "type": "object",
    "properties": {
        "capabilitySetIds": {
            "description": "List of capability set identifiers",
            "type": "array",
            "items": {
                "type": "string",
                "description": "Capability identifier",
                "format": "uuid"
            }
        }
    },
    "required": [
        "capabilitySetIds"
    ]
}
updateusercapabilities(capabilitiesUpdateRequest, id_)

Modifies the set of capabilities assigned to the specified user.

PUT /users/{id}/capabilities

Parameters

capabilitiesUpdateRequest (dict) – See Schema below.

Raises
  • OkapiRequestNotFound – Not found error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "id": "roleCapabilitiesUpdateRequest.json.json",
    "title": "Capability Relation Update Request Schema",
    "description": "Request body to update capabilities assigned to entity (role, user, etc.)",
    "type": "object",
    "properties": {
        "capabilityIds": {
            "description": "List of capability identifiers",
            "type": "array",
            "items": {
                "type": "string",
                "description": "Capability identifier",
                "format": "uuid"
            }
        }
    },
    "required": [
        "capabilityIds"
    ]
}
updateusercapabilitysets(capabilitySetsUpdateRequest, id_)

Modifies the set of capability sets assigned to the specified user.

PUT /users/{id}/capability-sets

Parameters

capabilitySetsUpdateRequest (dict) – See Schema below.

Raises
  • OkapiRequestNotFound – Not found error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "Capability Set Relation Update Request Schema",
    "description": "Request body to update capability sets assigned to entity (role, user, etc.)",
    "type": "object",
    "properties": {
        "capabilitySetIds": {
            "description": "List of capability set identifiers",
            "type": "array",
            "items": {
                "type": "string",
                "description": "Capability identifier",
                "format": "uuid"
            }
        }
    },
    "required": [
        "capabilitySetIds"
    ]
}
updateuserroles(userRolesRequest, id_)

Update the roles assigned to a user, by user ID

PUT /roles/users/{id}

Parameters

userRolesRequest (dict) – See Schema below.

Raises
  • OkapiRequestNotFound – Not found error response in JSON format for validation errors.

  • OkapiRequestFatalError – Error response for unhandled or critical server exceptions, e.g. NullPointerException.

Schema

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "id": "userRolesRequest.json",
    "title": "User-roles relation Batch Request Schema",
    "description": "User-roles request body",
    "type": "object",
    "properties": {
        "userId": {
            "type": "string",
            "format": "uuid",
            "description": "User identifier (UUID)"
        },
        "roleIds": {
            "type": "array",
            "description": "Role identifiers",
            "items": {
                "type": "string",
                "format": "uuid",
                "description": "Role identifier (UUID)"
            }
        }
    }
}