All methods return an object containing permission information based on the authenticated staff user.
GET /api/.../sysadmin/permissions/granted/{id}?ownerID={ownerID}
If ownerID > 0, checks permission for a specific granting organization. If the permission is not owned, the ownerID value is ignored. If ownerID = 0, returns IsPermitted set to true if permission is granted at *any* organization. In this scenarion, it will not return the list though.
GET /api/.../sysadmin/permissions/granted/{id}?ownerIDs={ownerID}
Allows the caller to check a single permission at a single time when provided with a comma delimited list of org ids. Returns IsPermitted equal to true if the permission for all orgs is granted. Returns IsPermitted equal to false if permission is not granted. If a permission is not granted, the associated permission description will be provided in the PermissionDescriptions array.
GET /api/.../sysadmin/permissions/granted/{id}?returnGrantingOrgs=true
Returns a list of all granting organization IDs for the specific permission. This type of list may be used to determine if a user is permitted to do an operation at *any* organization. Returns IsPermitted set to true if at least one organization grants the permission to the caller. This is a common call to make when the caller needs to filter a list based on permissions.
GET /api/.../sysadmin/permissions/granted?ids={ids}&ownerID={ownerID}
Allows the caller to check a group of permissions at a single time when provided with a comma delimited list of permission ids. Returns IsPermitted equal to true if all of the permissions are granted. Returns IsPermitted equal to false if any permission is not granted. If a permission is not granted, the associated permission description will be provided in the PermissionDescriptions array. If ownerID > 0, checks permission for a specific granting organization. If the permission is not owned, the ownerID value is ignored. If ownerID = 0, checks each individual permission for granted rights at *any* organization.
GET /api/.../sysadmin/permissions/granted?ids={ids}&returnGrantingOrgs=true
Allows the caller to check a group of permissions at a single time when provided with a comma delimited list of permission ids. Returns the intersecting set of granting organization IDs based on the provided list of permissions. Returns IsPermitted equal to true if all of the permissions are granted at at least one intersecting granting organization. Returns IsPermitted equal to false if no intersecting granting organization can be found. If IsPermitted is false, the associated "not permitted" permission descriptions will be provided in the PermissionDescriptions array. This type of list may be used to filter lists.
DELETE /api/.../sysadmin/permissions/users/{id}
Allows the caller to clear any cached permissions for the logged in user. The id supplied must match the logged in user ID supplied in the API credentials. This does not clear permission overrides.
POST /api/.../sysadmin/permissions/users/{id}/overrides
In order to perform certain operations, permissions are required. If a user does not have permission, temporary permission may be granted by using permission overrides. This endpoint provides permission override support for OAuth installations. It accepts an ID token in JWT format and a list of permission ids and owners.
Permissions may only be overridden for the current "logged on user" and the id token will be validated. An id token may only be used a single time to perform an override.
If successful, the result will contain IsPermitted set to true. The permission list descriptions will be empty. If any permission is not overridden, the result will contain IsPermitted set to false. The permission list will contain descriptions for all permissions not overridden.
Permissions may be owned or not owned. If a permission is owned, it may be owned at the system, library and/or branch levels. That means a specific organization is allowed to control the permission. If a permission is not owned, there is only a single value in the database. Organization is not a factor with non-owned permissions.
There are 2 main scenarios for checking permissions.
If an owner ID is supplied, the method will attempt to determine if the permission is granted. If a permission is not owned, it's still ok to pass in an owner ID. It will simply be ignored. For this reason it's best to always pass in an owner ID unless you specifically know the permission is not owned or you want to return a list of all granting owner IDs.
If an owner ID is not supplied, permission may still be evaluated if the permission is not owned. Otherwise, a list list of granting owner IDs will be returned.
Override Credentials
If the calling user ID is not granted permission. The method will
check for the presence of valid override credentials in the HTTP
request header. If present, the override user ID will be used
to check for permission.
A list of permission IDs may be found here.
| Name | Type | Required | Description |
|---|---|---|---|
| id | Integer | Yes | Permission Id. Define this parameter in the request URI. |
| ids | String | Yes | Comma delimited list of permission Ids. Define this parameter in the request URI. |
| ownerID | Integer | See description. | Sets the owner (granting organization) ID to check for a specific permission. May not be used with returnGrantingOrgs query string value. |
| returnGrantingOrgs | Boolean | See description. | Set to yes to list all organizations that grant a specific permission to the user. May not be used with ownerID query string value. |
The PermissionDescriptions array only contains data when a permission is not granted. This data may be used to request override information from the caller.
| Property | Type | Description |
|---|---|---|
| IsPermitted | Boolean | Overall result of permission check. |
| OwnerIDs | Int[] | When called with the returnGrantingOrgs query string value, returns a list of granting organization IDs. |
| PermissionDescriptions | DtoPermissionDescription[] | If a permission is not permitted, its information will be contained here. |
| Property | Type | Description |
|---|---|---|
| Subsystem | Int |
SA permission subsystem ID:
|
| PermissionID | Int | Permission ID. |
| ControlRecordName | String | Name of SA permission control record. |
| PermissionName | String | Name of permission. |
| Permitted | Boolean | Is this permission permitted? |
| AllowOverride | Boolean | Internal use only. |
| Owner | Int | Owning organization ID that granted/denied this permission. |
| IsOwned | Int | Internal use only. |
| Owners | Int[] | Internal use only. |
| OverrideUserID | Int | Internal use only. |
{
"IsPermitted":true,
"OwnerIDs":null,
"PermissionDescriptions":[]
}
{
"IsPermitted":false,
"OwnerIDs":null,
"PermissionDescriptions":[
{
"Subsystem":2,
"PermissionID":83,
"ControlRecordName":"Patron registration",
"PermissionName":"Create",
"Permitted":false,
"AllowOverride":true,
"Owner":3,
"IsOwned":true,
"Owners":[],
"OverrideUserID":0
}
]
}
{
"IsPermitted":true,
"OwnerIDs":[
3,
5
],
"PermissionDescriptions":[]
}
{
"IsPermitted":false,
"OwnerIDs":[],
"PermissionDescriptions":[ {
"Subsystem":2,
"PermissionID":84,
"ControlRecordName":"Patron registration",
"PermissionName":"Modify",
"Permitted":false,
"AllowOverride":true,
"Owner":0,
"IsOwned":true,
"Owners":[],
"OverrideUserID":0
},
{
"Subsystem":2,
"PermissionID":87,
"ControlRecordName":"Patron registration",
"PermissionName":"Create express registration record",
"Permitted":false,
"AllowOverride":true,
"Owner":0,
"IsOwned":true,
"Owners":[],
"OverrideUserID":0
}
]
}
| Code | Description |
|---|---|
| 200 | OK. Success |