Permissions#

Permissions always have a unique name like user.create and optional additional options.

Setting permissions#

Setting permissions requires the permissions.update permission and is accomplished by calling:

PUT /permissions/user/<user_id>

[
    {
        "name": "<name_of_first_permission>",
        "options": null
    },
    {
        "name": "<name_of_second_permission>",
        "options": {
            "hello": "world"
        }
    }
]

The options-field contains the options available for the certain permission.

Retrieving permissions#

Retrieving permissions for users requires the permissions.view permission, if not retrieving for the caller. Retrieval is done via:

GET /permissions/user/<user_id>

Response:

[
    {
        "name": "<name_of_first_permission>",
        "options": null
    },
    {
        "name": "<name_of_second_permission>",
        "options": {
            "hello": "world"
        }
    }
]

Permission list#

This is a list of all available permissions.

Permissions#

Permissions regarding permissions themselves like updating or retrieving.

permissions.update#

Allows setting permissions for users.

Options: none

permissions.view#

Allows retrieving permissions of users.

Options: none

Address book#

logistics.address-book.entry.create.any#

Allows creating address book entries, that can also be global or associated to foreign users. This also includes associating entries with operations, the target user or the requesting client is not part of.

Options: none

logistics.address-book.entry.update.any#

Allows updating address book entries, that can also be global or associated to foreign users. This also includes associating entries with operations, the target user or the requesting client is not part of.

Options: none

logistics.address-book.entry.delete.any#

Allows deletion of address book entries, that can also be global or associated to foreign users. This also includes associating entries with operations, the requesting client is not part of.

Options: none

logistics.address-book.entry.view.any#

Allows retrieval of all address book entries, including that can also be global or associated to foreign users. This also includes associating entries with operations, the requesting client is not part of.

Options: none

logistics.intel-delivery.manage#

Allows full control over intel delivery, including attempt creation and marking intel as delivered.

Options: none

logistics.intel-delivery.deliver#

Allows delivering intel as well as viewing and marking intel delivery attempts as finished.

Options: none

Groups#

group.create#

Allows creating groups.

Options: none

group.update#

Allows updating groups.

Options: none

group.delete#

Allows deleting groups.

Options: none

group.view#

Allows retrieving of groups with details.

Options: none

Intelligence#

intelligence.intel.create#

Allows creating intel (if member of operation).

Options: none

intelligence.intel.invalidate#

Allows invalidating intel (if member of operation).

Options: none

intelligence.intel.view.any#

Allows viewing any intel (if member of operation), even if not assigned to.

Options: none

Operations#

operation.view.any#

Allows listing and viewing all registered operations. In contrast to that, usually, only viewing operations via id is allowed.

operation.create#

Allows creating operations.

operation.update#

Allows updating of operations. This also includes marking them as finished or archived.

operation.members.view#

Allows retrieving members for operations.

operation.members.update#

Allows (un)assigning members to operations.

Radio delivery#

radio-delivery.deliver.any#

Allows delivering any radio delivery.

Options: none

radio-delivery.deliver.any#

Allows managing, assigning and releasing any radio delivery.

Options: none

Users#

user.create#

Allows creating users.

Options: none

user.set-active-state#

Allows setting the active-state for users.

Options: none

user.set-admin#

Allows setting the is-admin-state of users.

Options: none

user.update#

Allows updating a user. If the is-admin-state is wanted to be changed, the user.set-admin permission is required, too.

Options: none

user.update-pass#

Allows setting the password of other users.

Options: none

user.view#

Allows retrieving information of other users.

Options: none

Misc#

core.search.rebuild-index#

Allows rebuilding of search indices. Because of taking a long time, this permission is required.

Options: none