Appearance

Permissions

Trivial Permissions make it possible to share resources by granting Users with access to perform different operations on various resources, e.g, App, Manifest, ManifestDraft, and CredentialSet. For each resource type, there are grantable permissions for read, update, destroy, transfer, grant, and revoke.

Permissions are also directly related to Organizations in Trivial. When a user has an admin role for an Organization, they automatically have ALL privileges on ALL resources.

The Permissions API

Permissions can be granted through the Trivial API.

The /permission endpoint is for interacting with singular permits.

A request to the Permissions API follows the schema: /permission/{permit}/{permissible_type}/{permissible_id}/users/{user_id}

  • {permit} is the name of the operation.
  • {permissible_type} is the name of the resource.
  • {permissible_id} is the internal ID for that resource instance.
  • {user_id} is the internal user ID for the user being granted the permission.

The /permissions endpoint is for interacting with multiple permits. A request to this endpoint will omit the permit: /permissions/{permissible_type}/{permissible_id}/users/{user_id}

Granting Users Permissions to Resources

As an example, send a POST request to /permissions/credential_sets/1/users/5 to grant all permissions to user 5 for credential set 1. Assuming the API is running on port 3000:

javascript
await fetch('http://localhost:3000/permissions/credential_sets/1/users/5', {
  method: "POST",
  headers: { 'Content-Type': 'application/json' }
})
.then(response => response.json())
json
{
    "user_id": 5,
    "permissions": [
        {
            "permissible_type": "Credential Set",
            "permissible_id": 1,
            "permits": [
                "read",
                "update",
                "destroy",
                "transfer",
                "grant",
                "revoke"
            ],
            "ids": [
                21,
                22,
                23,
                24,
                25,
                26
            ]
        }
    ]
}

Revoking Permissions

To revoke a user's Permission from a resource, a DELETE request can be sent to the desired endpoint:

javascript
// revoke only the transfer permit from user 1 on manifest 1
await fetch('http://localhost:3000/permission/transfer/manifests/1/users/1', {
  method: "DELETE",
  headers: { 'Content-Type': 'application/json' }
})
.then(response => response.json())
json
{ message: 'Delete OK' }

[0] Assuming manual invoices are sent on the 4th of each month, delivering on the 1st is 3 out of 4 days faster-- a 75% speed improvement.

Copyright © 2021-present Trivial, Inc.
All rights to Trivial™ and TrivialJS™ trademarks reserved.