Role request REST endpoint

This is a basic endpoint that allows assign role to identity. A direct change of permission, i.e. adding/editing/removing a link between an identity and a role directly via REST API is not possible. All permission changes can be made via the role request REST API.

The role request is only an envelope that defines the applicant (to whom we change the authorization) and the type of request (automatic/manual, request without approval). The specific changes required for each role are managed in the REST of the role concepts. The basic procedure is therefore:

  1. Create a request to change the permissions.
  2. Create role concepts (how do we want the assigned role to look like).
  3. Run the request as a whole (/start).
  • REST endpoint /api/v1/role-requests

Supports

  • Basic CRUD operations (Creating, Reading, Updating, Deleting) and searching.
  • Start approving process for the request (/start).
If you want to use the REST API, you must be logged in. The easiest way is to use Basic authentication directly in request "- u admin: admin".

API

TODO: Swagger

Examples

We will created new request for change identity permission.

  • Applicant is john doe.
  • In example request you have to fill correct ID of john doe.
  • The individual assigned roles change will made in the REST concepts roles.

Request:

curl -i -X POST -H "Content-Type:application/json" -u admin:admin http://localhost:8080/idm-backend/api/v1/role-requests/ -d '{"applicant" : "7[FILL ID of john_doe]", "requestedyType" : "MANUALLY", "executeImmediately" : false, "description" : "Please check and approve the permission change"}'

Response:

{
  "id" : "d3bfb867-fc4d-4cf7-a53a-502bcab28c9d",
  "created" : "2017-06-14T10:39:26.904Z",
  "modified" : null,
  "creator" : "admin",
  "creatorId" : "d0c47adb-4cbd-4551-bb20-87567ff7892d",
  "modifier" : null,
  "modifierId" : null,
  "originalCreator" : "admin",
  "originalCreatorId" : "d0c47adb-4cbd-4551-bb20-87567ff7892d",
  "originalModifier" : null,
  "originalModifierId" : null,
  "applicant" : "7660871b-8b95-4676-87ba-742ffb5ee881",
  "state" : "CONCEPT",
  "requestedByType" : "MANUALLY",
  "wfProcessId" : null,
  "originalRequest" : null,
  "conceptRoles" : [ ],
  "executeImmediately" : false,
  "duplicatedToRequest" : null,
  "log" : null,
  "description" : "Please check and approve the permission change",
  "_trimmed" : false,
  "_embedded" : {!SHORTENED_FOR_CLARITY!}
  },
  "_links" : {
    "self" : {
      "href" : "http://localhost:8080/idm-backend/api/v1/role-requests/d3bfb867-fc4d-4cf7-a53a-502bcab28c9d"
    }
  }
}

After we have created request and individula role concepts, we can start approve process.

Request:

curl -i -X PUT -u admin:admin http://localhost:8080/idm-backend/api/v1/role-requests/[FILL ID OF YOUR REQUEST]/start

Response:

{
  "id" : "d3bfb867-fc4d-4cf7-a53a-502bcab28c9d",
  "created" : "2017-06-14T10:39:26.904Z",
  "modified" : "2017-06-14T11:08:31.648Z",
  "creator" : "admin",
  "creatorId" : "d0c47adb-4cbd-4551-bb20-87567ff7892d",
  "modifier" : "admin",
  "modifierId" : "d0c47adb-4cbd-4551-bb20-87567ff7892d",
  "originalCreator" : "admin",
  "originalCreatorId" : "d0c47adb-4cbd-4551-bb20-87567ff7892d",
  "originalModifier" : "admin",
  "originalModifierId" : "d0c47adb-4cbd-4551-bb20-87567ff7892d",
  "applicant" : "7660871b-8b95-4676-87ba-742ffb5ee881",
  "state" : "EXECUTED",
  "requestedByType" : "MANUALLY",
  "wfProcessId" : "cb7fa523-50f1-11e7-887c-52540010eb43",
  "originalRequest" : "{[SHORTENED_FOR_CLEARITY]}",
  "conceptRoles" : [ ],
  "executeImmediately" : false,
  "duplicatedToRequest" : null,
  "log" : null,
  "description" : "Please check and approve the permission change",
  "_trimmed" : false,
  "_embedded" : {[SHORTENED_FOR_CLEARITY]}
  },
  "_links" : {
    "self" : {
      "href" : "http://localhost:8080/idm-backend/api/v1/role-requests/d3bfb867-fc4d-4cf7-a53a-502bcab28c9d"
    }
  }