# Role request REST endpoint
This is a basic endpoint that allows assign role to identity.
A direct change of permission, i.e. adding/editing/removing a link between an identity and a role directly via REST API **is not possible**. All permission changes can be made via the role request REST API.
The role request is only an envelope that defines the applicant (to whom we change the authorization) and the type of request (automatic/manual, request without approval).
The specific changes required for each role are managed in the REST of the **[[7.3:api.md:role-concepts.md|role concepts]]**.
The basic procedure is therefore:
- **Create a request** to change the permissions.
- **Create [[7.3:api.md:role-concepts.md|role concepts]]** (how do we want the assigned role to look like).
- **Run** the request as a whole (**/start**).
* REST endpoint **/api/v1/role-requests**
# Supports
* Basic **CRUD** operations (Creating, Reading, Updating, Deleting) and searching.
* Start approving process for the request (**/start**).
If you want to use the REST API, you must be logged in. The easiest way is to use **Basic authentication** directly in request "- u admin: admin".
# API
** TODO: Swagger**
# Examples
## Create role request
We will created new request for change identity permission.
* Applicant is **john doe**.
* In example request you have to fill correct ID of **john doe**.
* The individual assigned roles change will made in the REST concepts roles.
### Request:
```
curl -i -X POST -H "Content-Type:application/json" -u admin:admin http://localhost:8080/idm-backend/api/v1/role-requests/ -d '{"applicant" : "7[FILL ID of john_doe]", "requestedyType" : "MANUALLY", "executeImmediately" : false, "description" : "Please check and approve the permission change"}'
```
### Response:
{
"id" : "d3bfb867-fc4d-4cf7-a53a-502bcab28c9d",
"created" : "2017-06-14T10:39:26.904Z",
"modified" : null,
"creator" : "admin",
"creatorId" : "d0c47adb-4cbd-4551-bb20-87567ff7892d",
"modifier" : null,
"modifierId" : null,
"originalCreator" : "admin",
"originalCreatorId" : "d0c47adb-4cbd-4551-bb20-87567ff7892d",
"originalModifier" : null,
"originalModifierId" : null,
"applicant" : "7660871b-8b95-4676-87ba-742ffb5ee881",
"state" : "CONCEPT",
"requestedByType" : "MANUALLY",
"wfProcessId" : null,
"originalRequest" : null,
"conceptRoles" : [ ],
"executeImmediately" : false,
"duplicatedToRequest" : null,
"log" : null,
"description" : "Please check and approve the permission change",
"_trimmed" : false,
"_embedded" : {!SHORTENED_FOR_CLARITY!}
},
"_links" : {
"self" : {
"href" : "http://localhost:8080/idm-backend/api/v1/role-requests/d3bfb867-fc4d-4cf7-a53a-502bcab28c9d"
}
}
}
## Start of role request
After we have created request and individula role concepts, we can start approve process.
### Request:
```
curl -i -X PUT -u admin:admin http://localhost:8080/idm-backend/api/v1/role-requests/[FILL ID OF YOUR REQUEST]/start
```
### Response:
{
"id" : "d3bfb867-fc4d-4cf7-a53a-502bcab28c9d",
"created" : "2017-06-14T10:39:26.904Z",
"modified" : "2017-06-14T11:08:31.648Z",
"creator" : "admin",
"creatorId" : "d0c47adb-4cbd-4551-bb20-87567ff7892d",
"modifier" : "admin",
"modifierId" : "d0c47adb-4cbd-4551-bb20-87567ff7892d",
"originalCreator" : "admin",
"originalCreatorId" : "d0c47adb-4cbd-4551-bb20-87567ff7892d",
"originalModifier" : "admin",
"originalModifierId" : "d0c47adb-4cbd-4551-bb20-87567ff7892d",
"applicant" : "7660871b-8b95-4676-87ba-742ffb5ee881",
"state" : "EXECUTED",
"requestedByType" : "MANUALLY",
"wfProcessId" : "cb7fa523-50f1-11e7-887c-52540010eb43",
"originalRequest" : "{[SHORTENED_FOR_CLEARITY]}",
"conceptRoles" : [ ],
"executeImmediately" : false,
"duplicatedToRequest" : null,
"log" : null,
"description" : "Please check and approve the permission change",
"_trimmed" : false,
"_embedded" : {[SHORTENED_FOR_CLEARITY]}
},
"_links" : {
"self" : {
"href" : "http://localhost:8080/idm-backend/api/v1/role-requests/d3bfb867-fc4d-4cf7-a53a-502bcab28c9d"
}
}