Role Change
Personas in this Story: Default, Member.
In this story, we'll see how owner can change user's role. First, lets create one member and one subcontractor. We'll use member account to check whether permissions are blocked for members who are not owners, and we'll use subcontractor account to change its role:
Response: HTTP 200, application/json (Hide)
POST /users
Payload:
1 2 3 4 5 6
{ "type": "Member", "email": "member@activecollab.com", "password": "123", "company_id": 1 }
Response:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
{ "single": { "id": 2, "class": "Member", "url_path": "\/users\/2", "is_archived": false, "is_trashed": false, "trashed_on": null, "trashed_by_id": 0, "created_on": 1430164666, "created_by_id": 1, "updated_on": 1430164666, "updated_by_id": 1, "language_id": 0, "first_name": "Member", "last_name": null, "display_name": "member", "short_display_name": "member", "email": "member@activecollab.com", "additional_email_addresses": [], "is_pending_activation": false, "avatar_url": "http:\/\/feather.dev\/proxy.php?proxy=avatar&module=system&v=current&b=DEV&user_id=2&size=--SIZE--×tamp=1430164666", "custom_permissions": [], "company_id": 1, "title": null, "phone": null, "im_type": null, "im_handle": null, "note": null } }
Response: HTTP 200, application/json (Hide)
POST /users
Payload:
1 2 3 4 5 6
{ "type": "Subcontractor", "email": "subcontractor@activecollab.com", "password": "123", "company_id": 1 }
Response:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
{ "single": { "id": 3, "class": "Subcontractor", "url_path": "\/users\/3", "is_archived": false, "is_trashed": false, "trashed_on": null, "trashed_by_id": 0, "created_on": 1430164666, "created_by_id": 1, "updated_on": 1430164666, "updated_by_id": 1, "language_id": 0, "first_name": "Subcontractor", "last_name": null, "display_name": "subcontractor", "short_display_name": "subcontractor", "email": "subcontractor@activecollab.com", "additional_email_addresses": [], "is_pending_activation": false, "avatar_url": "http:\/\/feather.dev\/proxy.php?proxy=avatar&module=system&v=current&b=DEV&user_id=3&size=--SIZE--×tamp=1430164666", "custom_permissions": [], "company_id": 1, "title": null, "phone": null, "im_type": null, "im_handle": null, "note": null } }
If member tries to change the role, system will reject the request:
Response: HTTP 403, text/html
PUT /users/3/change-role (as Member)
Payload:
1 2 3 4 5 6
{ "role": "Member", "custom_permissions": [ "can_manage_projects" ] }
Owner on the other hand will be able to change subcontractor's role to member, and set custom permissions:
Response: HTTP 200, application/json (Hide)
PUT /users/3/change-role
Payload:
1 2 3 4 5 6
{ "role": "Member", "custom_permissions": [ "can_manage_projects" ] }
Response:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33
{ "single": { "id": 3, "class": "Member", "url_path": "\/users\/3", "is_archived": false, "is_trashed": false, "trashed_on": null, "trashed_by_id": 0, "created_on": 1430164666, "created_by_id": 1, "updated_on": 1430164667, "updated_by_id": 1, "language_id": 0, "first_name": "Subcontractor", "last_name": null, "display_name": "subcontractor", "short_display_name": "subcontractor", "email": "subcontractor@activecollab.com", "additional_email_addresses": [], "is_pending_activation": false, "avatar_url": "http:\/\/feather.dev\/proxy.php?proxy=avatar&module=system&v=current&b=DEV&user_id=3&size=--SIZE--×tamp=1430164667", "custom_permissions": [ "can_manage_projects" ], "company_id": 1, "title": null, "phone": null, "im_type": null, "im_handle": null, "note": null } }
Member's custom permissions can be changed without role change:
Response: HTTP 200, application/json (Hide)
PUT /users/3/change-role
Payload:
1 2 3 4 5 6
{ "role": "Member", "custom_permissions": [ "can_manage_settings" ] }
Response:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33
{ "single": { "id": 3, "class": "Member", "url_path": "\/users\/3", "is_archived": false, "is_trashed": false, "trashed_on": null, "trashed_by_id": 0, "created_on": 1430164666, "created_by_id": 1, "updated_on": 1430164667, "updated_by_id": 1, "language_id": 0, "first_name": "Subcontractor", "last_name": null, "display_name": "subcontractor", "short_display_name": "subcontractor", "email": "subcontractor@activecollab.com", "additional_email_addresses": [], "is_pending_activation": false, "avatar_url": "http:\/\/feather.dev\/proxy.php?proxy=avatar&module=system&v=current&b=DEV&user_id=3&size=--SIZE--×tamp=1430164667", "custom_permissions": [ "can_manage_settings" ], "company_id": 1, "title": null, "phone": null, "im_type": null, "im_handle": null, "note": null } }