# Role request REST endpoint This is a basic endpoint that allows assign role to identity. A direct change of permission, i.e. adding/editing/removing a link between an identity and a role directly via REST API is not possible. All permission changes can be made via the role request REST API.
The role request is only an envelope that defines the applicant (to whom we change the authorization) and the type of request (automatic/manual, request without approval). The specific changes required for each role are managed in the REST of the role concepts. The basic procedure is therefore:
- Create a request to change the permissions.
- Create role concepts (how do we want the assigned role to look like).
- Run the request as a whole (/start).
- REST endpoint /api/v1/role-requests
# Supports
- Basic CRUD operations (Creating, Reading, Updating, Deleting) and searching.
- Start approving process for the request (/start).
# API TODO: Swagger
# Examples ## Create role request We will created new request for change identity permission.
- Applicant is john doe.
- In example request you have to fill correct ID of john doe.
- The individual assigned roles change will made in the REST concepts roles.
### Request: ``` curl -i -X POST -H "Content-Type:application/json" -u admin:admin http://localhost:8080/idm-backend/api/v1/role-requests/ -d '{"applicant" : "7[FILL ID of john_doe]", "requestedyType" : "MANUALLY", "executeImmediately" : false, "description" : "Please check and approve the permission change"}'
```
### Response:
{ "id" : "d3bfb867-fc4d-4cf7-a53a-502bcab28c9d", "created" : "2017-06-14T10:39:26.904Z", "modified" : null, "creator" : "admin", "creatorId" : "d0c47adb-4cbd-4551-bb20-87567ff7892d", "modifier" : null, "modifierId" : null, "originalCreator" : "admin", "originalCreatorId" : "d0c47adb-4cbd-4551-bb20-87567ff7892d", "originalModifier" : null, "originalModifierId" : null, "applicant" : "7660871b-8b95-4676-87ba-742ffb5ee881", "state" : "CONCEPT", "requestedByType" : "MANUALLY", "wfProcessId" : null, "originalRequest" : null, "conceptRoles" : [ ], "executeImmediately" : false, "duplicatedToRequest" : null, "log" : null, "description" : "Please check and approve the permission change", "_trimmed" : false, "_embedded" : {!SHORTENED_FOR_CLARITY!} }, "_links" : { "self" : { "href" : "http://localhost:8080/idm-backend/api/v1/role-requests/d3bfb867-fc4d-4cf7-a53a-502bcab28c9d" } } }
## Start of role request After we have created request and individula role concepts, we can start approve process.
### Request: ``` curl -i -X PUT -u admin:admin http://localhost:8080/idm-backend/api/v1/role-requests/[FILL ID OF YOUR REQUEST]/start
```
### Response:
{ "id" : "d3bfb867-fc4d-4cf7-a53a-502bcab28c9d", "created" : "2017-06-14T10:39:26.904Z", "modified" : "2017-06-14T11:08:31.648Z", "creator" : "admin", "creatorId" : "d0c47adb-4cbd-4551-bb20-87567ff7892d", "modifier" : "admin", "modifierId" : "d0c47adb-4cbd-4551-bb20-87567ff7892d", "originalCreator" : "admin", "originalCreatorId" : "d0c47adb-4cbd-4551-bb20-87567ff7892d", "originalModifier" : "admin", "originalModifierId" : "d0c47adb-4cbd-4551-bb20-87567ff7892d", "applicant" : "7660871b-8b95-4676-87ba-742ffb5ee881", "state" : "EXECUTED", "requestedByType" : "MANUALLY", "wfProcessId" : "cb7fa523-50f1-11e7-887c-52540010eb43", "originalRequest" : "{[SHORTENED_FOR_CLEARITY]}", "conceptRoles" : [ ], "executeImmediately" : false, "duplicatedToRequest" : null, "log" : null, "description" : "Please check and approve the permission change", "_trimmed" : false, "_embedded" : {[SHORTENED_FOR_CLEARITY]} }, "_links" : { "self" : { "href" : "http://localhost:8080/idm-backend/api/v1/role-requests/d3bfb867-fc4d-4cf7-a53a-502bcab28c9d" } }