Role Change

Personas in this Story: Default, Member.

In this story, we'll see how an owner can change a user's role. First, let's create one member and one subcontractor. We'll use the member account to check whether the operation is blocked for members who are not owners, and we'll use the subcontractor account as the one whose role is changed:

Response: HTTP 200, application/json
POST /users

Payload:

{
    "type": "Member",
    "email": "member@activecollab.com",
    "password": "123",
    "company_id": 1
}

Response:

{
    "single": {
        "id": 2,
        "class": "Member",
        "url_path": "\/users\/2",
        "is_archived": false,
        "is_trashed": false,
        "trashed_on": null,
        "trashed_by_id": 0,
        "created_on": 1430164666,
        "created_by_id": 1,
        "updated_on": 1430164666,
        "updated_by_id": 1,
        "language_id": 0,
        "first_name": "Member",
        "last_name": null,
        "display_name": "member",
        "short_display_name": "member",
        "email": "member@activecollab.com",
        "additional_email_addresses": [],
        "is_pending_activation": false,
        "avatar_url": "http:\/\/feather.dev\/proxy.php?proxy=avatar&module=system&v=current&b=DEV&user_id=2&size=--SIZE--&timestamp=1430164666",
        "custom_permissions": [],
        "company_id": 1,
        "title": null,
        "phone": null,
        "im_type": null,
        "im_handle": null,
        "note": null
    }
}

Response: HTTP 200, application/json
POST /users

Payload:

{
    "type": "Subcontractor",
    "email": "subcontractor@activecollab.com",
    "password": "123",
    "company_id": 1
}

Response:

{
    "single": {
        "id": 3,
        "class": "Subcontractor",
        "url_path": "\/users\/3",
        "is_archived": false,
        "is_trashed": false,
        "trashed_on": null,
        "trashed_by_id": 0,
        "created_on": 1430164666,
        "created_by_id": 1,
        "updated_on": 1430164666,
        "updated_by_id": 1,
        "language_id": 0,
        "first_name": "Subcontractor",
        "last_name": null,
        "display_name": "subcontractor",
        "short_display_name": "subcontractor",
        "email": "subcontractor@activecollab.com",
        "additional_email_addresses": [],
        "is_pending_activation": false,
        "avatar_url": "http:\/\/feather.dev\/proxy.php?proxy=avatar&module=system&v=current&b=DEV&user_id=3&size=--SIZE--&timestamp=1430164666",
        "custom_permissions": [],
        "company_id": 1,
        "title": null,
        "phone": null,
        "im_type": null,
        "im_handle": null,
        "note": null
    }
}

If a member tries to change the role, the system will reject the request:

Response: HTTP 403, text/html
PUT /users/3/change-role (as Member)

Payload:

{
    "role": "Member",
    "custom_permissions": [
        "can_manage_projects"
    ]
}

The owner, on the other hand, will be able to change the subcontractor's role to member and set custom permissions:

Response: HTTP 200, application/json
PUT /users/3/change-role

Payload:

{
    "role": "Member",
    "custom_permissions": [
        "can_manage_projects"
    ]
}

Response:

{
    "single": {
        "id": 3,
        "class": "Member",
        "url_path": "\/users\/3",
        "is_archived": false,
        "is_trashed": false,
        "trashed_on": null,
        "trashed_by_id": 0,
        "created_on": 1430164666,
        "created_by_id": 1,
        "updated_on": 1430164667,
        "updated_by_id": 1,
        "language_id": 0,
        "first_name": "Subcontractor",
        "last_name": null,
        "display_name": "subcontractor",
        "short_display_name": "subcontractor",
        "email": "subcontractor@activecollab.com",
        "additional_email_addresses": [],
        "is_pending_activation": false,
        "avatar_url": "http:\/\/feather.dev\/proxy.php?proxy=avatar&module=system&v=current&b=DEV&user_id=3&size=--SIZE--&timestamp=1430164667",
        "custom_permissions": [
            "can_manage_projects"
        ],
        "company_id": 1,
        "title": null,
        "phone": null,
        "im_type": null,
        "im_handle": null,
        "note": null
    }
}

A member's custom permissions can be changed without a role change:

Response: HTTP 200, application/json
PUT /users/3/change-role

Payload:

{
    "role": "Member",
    "custom_permissions": [
        "can_manage_settings"
    ]
}

Response:

{
    "single": {
        "id": 3,
        "class": "Member",
        "url_path": "\/users\/3",
        "is_archived": false,
        "is_trashed": false,
        "trashed_on": null,
        "trashed_by_id": 0,
        "created_on": 1430164666,
        "created_by_id": 1,
        "updated_on": 1430164667,
        "updated_by_id": 1,
        "language_id": 0,
        "first_name": "Subcontractor",
        "last_name": null,
        "display_name": "subcontractor",
        "short_display_name": "subcontractor",
        "email": "subcontractor@activecollab.com",
        "additional_email_addresses": [],
        "is_pending_activation": false,
        "avatar_url": "http:\/\/feather.dev\/proxy.php?proxy=avatar&module=system&v=current&b=DEV&user_id=3&size=--SIZE--&timestamp=1430164667",
        "custom_permissions": [
            "can_manage_settings"
        ],
        "company_id": 1,
        "title": null,
        "phone": null,
        "im_type": null,
        "im_handle": null,
        "note": null
    }
}
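
The access-control behaviour this story walks through, as an added example that is not part of the original page or the product's own code: an in-memory model of a change-role handler that denies non-owners before looking at the payload, allow-lists the role and permission names, and replaces custom permissions rather than merging them, as the last response above shows. The function names, the "Owner" class label and the 400/404 paths are assumptions; the role and permission names are the ones that appear on this page.

```python
# Added example: in-memory model of the authorization behaviour the story shows.
# Role and permission names come from the page; the function names, the
# "Owner" class label and the 400/404 paths are assumptions for illustration.
import copy

KNOWN_ROLES = {"Member", "Subcontractor"}  # roles seen on the page
KNOWN_PERMISSIONS = {"can_manage_projects", "can_manage_settings"}

def change_role(actor, users, target_id, payload):
    """Return (http_status, body) for PUT /users/<target_id>/change-role."""
    # Authorization is decided from the authenticated actor before the
    # payload is read; nothing in the body can grant the right to call this.
    if actor.get("class") != "Owner":
        return 403, None
    target = users.get(target_id)
    if target is None:
        return 404, None
    role = payload.get("role")
    perms = payload.get("custom_permissions", [])
    # Allow-list both fields so an unknown role or permission string is
    # rejected instead of being stored on the account.
    if role not in KNOWN_ROLES or not isinstance(perms, list):
        return 400, None
    if not all(isinstance(p, str) and p in KNOWN_PERMISSIONS for p in perms):
        return 400, None
    # Permissions are replaced, not merged, matching the page's last response.
    target["class"] = role
    target["custom_permissions"] = sorted(set(perms))
    return 200, {"single": copy.deepcopy(target)}

def replay_story():
    """Replay the page's three change-role calls against constructed users."""
    owner = {"id": 1, "class": "Owner"}
    member = {"id": 2, "class": "Member"}
    users = {3: {"id": 3, "class": "Subcontractor", "custom_permissions": []}}
    grant = {"role": "Member", "custom_permissions": ["can_manage_projects"]}
    swap = {"role": "Member", "custom_permissions": ["can_manage_settings"]}
    results = [change_role(member, users, 3, grant)]
    # The denied call must leave the target account untouched.
    unchanged = users[3]["class"] == "Subcontractor"
    results.append(change_role(owner, users, 3, grant))
    results.append(change_role(owner, users, 3, swap))
    return results, unchanged
```

The same three calls, with the 403 and the unchanged target asserted, make a useful regression test against a real deployment whenever the permission model is touched.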