Permission System
Introduction
Permissions define what actions can be performed on a resource. Each permission has a unique name and represents a specific action on the related resource. Each resource contains a list of policies that define the permissions of members and groups. On every action, the API checks the user's member policies and the policies of the groups the user is a member of. It checks the policies inside the resource and, for Group and Poll resources, the policies of the parent resource as well. The API then calculates the maximum permission of the user based on all policies found and performs the action if the user has the required permission. Otherwise, the API returns an error.
Binary System
Inside the policy, permissions are represented as integers. An integer can be converted to a binary number in which each bit represents a specific permission. For example, if the permission is 4, the binary number then is 0b1010, which means that the resource has permissions 0b1000 and 0b0010. This system allows for efficient use of space as well as fast calculation of permissions. Using bitwise operators, the system can quickly check whether a user has a required permission.
Permission Types
There are currently 3 types/classes of permissions: Workspace Permissions, Group Permissions, and Poll Permissions.
Workspace Permissions
- get_workspace: Get workspace information
- update_workspace: Update workspace information (name, description)
- delete_workspace: Delete workspace
- get_members: Get list of members in the workspace
- add_members: Add members to the workspace
- remove_members: Remove members from the workspace
- get_groups: Get list of groups in the workspace
- add_groups: Add groups to the workspace
- update_groups: Update groups in the workspace
- delete_groups: Delete groups from the workspace
- get_policies: Get list of policies in the workspace
- add_policies: Add policies to the workspace
- update_policies: Update policies in the workspace
- delete_policies: Delete policies from the workspace
- get_polls: Get list of polls in the workspace
- create_polls: Create polls in the workspace
- delete_polls: Delete polls from the workspace
Group Permissions
- get_group: Get group information
- update_group: Update group information
- delete_group: Delete group
- get_members: Get list of members in the group
- add_members: Add members to the group
- remove_members: Remove members from the group
- get_policies: Get list of policies in the group
- add_policies: Add policies to the group
- update_policies: Update policies in the group (set permissions)
- delete_policies: Delete policies from the group
Poll Permissions
- get_poll: Get poll information
- get_questions: Get questions in the poll
- update_poll: Update poll (name, description, questions)
- delete_poll: Delete poll
- get_policies: Get list of policies in the poll
- add_policies: Add policies to the poll
- update_policies: Update policies in the poll (set permissions)
- delete_policies: Delete policies from the poll
Permission Requests and Responses
The user can request the list of all available permissions for a specific type of resource.
For example, to get the list of available permissions for Workspace, the client can send a GET request to https://<api-url>/workspaces/permissions
Note: The user must be authenticated to make this request.
To update policies, the request body accepts permissions as a list of strings. The API converts the list of strings to the appropriate integer and stores it in the database. When the API returns a list of policies, it converts the integer back to a list of strings.
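The bitmask check described under Binary System and the string/integer conversion described above, as an added example that is not the project's own code. The bit positions, the policy dict shape and all function names are assumptions, and "maximum permission" is read here as the bitwise OR of every policy that matches the user within one resource.

```python
from enum import IntFlag

class PollPermission(IntFlag):
    # Bit positions are assumed for illustration; the page does not list them.
    GET_POLL = 1 << 0
    GET_QUESTIONS = 1 << 1
    UPDATE_POLL = 1 << 2
    DELETE_POLL = 1 << 3
    GET_POLICIES = 1 << 4
    ADD_POLICIES = 1 << 5
    UPDATE_POLICIES = 1 << 6
    DELETE_POLICIES = 1 << 7

KNOWN_BITS = sum(p.value for p in PollPermission)  # every defined bit set

def encode(names):
    """List of permission strings (request body) -> integer to store."""
    mask = 0
    for name in names:
        member = PollPermission.__members__.get(str(name).upper())
        if member is None:
            # Reject unknown names instead of silently dropping them.
            raise ValueError(f"unknown permission: {name!r}")
        mask |= member.value
    return mask

def decode(value):
    """Stored integer -> list of permission strings (response body)."""
    if value < 0 or value & ~KNOWN_BITS:
        raise ValueError(f"integer has undefined permission bits: {value!r}")
    return [p.name.lower() for p in PollPermission if value & p.value]

def effective(policies, user, user_groups):
    """OR together every policy that names the user or one of their groups."""
    mask = 0
    for policy in policies:
        if policy.get("member") == user or policy.get("group") in user_groups:
            mask |= policy["permissions"]
    return mask

def has_permission(mask, required):
    """True only if every bit of `required` is set in `mask`."""
    return (mask & required) == required

# Constructed sample policies for one poll; the dict shape is hypothetical.
POLICIES = [
    {"member": "alice", "permissions": encode(["get_poll", "get_questions"])},
    {"group": "editors", "permissions": encode(["update_poll"])},
    {"group": "admins", "permissions": encode(["delete_poll", "delete_policies"])},
]
ALICE = effective(POLICIES, "alice", {"editors"})
```

Rejecting undefined bits in `decode` keeps a corrupted or hand-edited stored integer from being returned as a partial permission list.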