Qeo Open Source Project Documentation : /realms/{id}/policy (POST)

Created by lissensj on May 21, 2014

Description:	Replaces the current policy of a single user in the realm of a Qeo administrator
URL Structure:	https://my.qeo.org/qeo-rest-service/v1/realms/{id}/policy
HTTP Method:	POST
Parameters:	HTTP Authorization Path parameter: identifier of the realm to be interrogated (value is of type long) Body: Contains a list of policy rules and associated access rights of a single user in the realm in JSON format: {"user":...,"policy":[{ "name":"...","read_access":{"users":[...]},"write_access":{"users":[...]}}]} - All policy rules of the user in the realm will be replaced with the provided policy content. - Unknown user will result in an error (HTTP 400 Bad Request). Parameters on user level: "user" : value of type long, representing the user identifier "policy" : list of policy rules applicable for the specified user Parameters on policy level: "name" : UTF-8 string representing the policy rule Leading and trailing spaces are removed from the name. The provided name cannot be empty. "read_access" : (optional) determines read access of users on the policy rule null : (default) no read access for the policy rule "users" : list of user identifiers of type long possible values: null : no read access for the policy rule [] : empty array: coarse grained read access for the policy rule [1,3] : filled array: fine grained read access for the policy rule Note: cannot be mixed with coarse grained write access "write_access" : (optional) determines write access of users on the policy rule null : (default) no write access for the policy rule "users" : list of user identifiers of type long possible values: null : no write access for the policy rule [] : empty array: coarse grained write access for the policy rule [1,3] : filled array: fine grained write access for the policy rule Note: cannot be mixed with coarse grained read access Request Example https://my.qeo.org/qeo-rest-service/v1/realms/103/policy { "user":5, "policy":[{ "name":"my::hello::world::topic3::", "read_access":{ "users":[4,5,6] }, "write_access":{ "users":[5] } },{ "name":"my::hello::world::topic2::", "read_access":{ "users":[4] }, "write_access":null }] }
Response:	HTTP 200 OK Content-Type: application/json Body: Contains a list of users with their list of policy rules and associated access rights in JSON format: {"user":...,"type":"user","policy":[{"name":"..","type":"policy_rule","read_access":{"users":[]}, "write_access":{"users":[]}},{...}]} The returned parameters on user level: "user" : value of type long, representing the user identifier "type" : type of object returned (always "user") "policy" : list of policy rules applicable for the specified user The returned parameters on policy level: "name" : UTF-8 string representing the policy rule "type" : type of object returned (always "policy_rule") "users" : list of users identifiers (values of type long), where the policy rule belongs to "realm" : value of type long, represents the realm identifier "read_access" : determines read access of users on the policy rule null : no read access for the policy rule "users" : list of user identifiers of type long possible values: null : no read access for the policy rule [] : empty array: coarse grained read access for the policy rule [1,3] : filled array: fine grained read access for the policy rule "write_access" : determines write access of users on the policy rule null : no write access for the policy rule "users" : list of user identifiers of type long possible values: null : no write access for the policy rule [] : empty array: coarse grained write access for the policy rule [1,3] : filled array: fine grained write access for the policy rule Response Example { "user":5 "type":"user", "policy":[{ "name":"my::hello::world::topic3::", "users":[5], "realm":103, "type":"policy_rule" "read_access":{ "users":[4,5,6] }, "write_access":{ "users":[6] } },{ "name":"my::hello::world::topic2::", "users":[5], "realm":103, "type":"policy_rule" "read_access":{ "users":[4] }, "write_access":null }] }