Each resource contains a permissions sub-collection. Each permission contains a user, an assigned role and the specified resource. For example:

GET /api/collection/resource_id/permissions HTTP/1.1
Accept: application/xml

HTTP/1.1 200 OK
Content-Type: application/xml

<permissions>
    <permission id="permission-id"
      href="/api/collection/resource_id/permissions/permission_id">
        <role id="role_id" href="/api/roles/role_id"/>
        <user id="user_id" href="/api/users/user_id"/>
        <resource id="resource_id" href="/api/collection/resource_id"/>
    </permission>
    ...
</permissions>

A resource acquires a new permission when an API user sends a POST request with a permission representation and a Content-Type: application/xml header to the resource's permissions sub-collection. Each new permission requires a role and a user:

POST /api/collection/resource_id/permissions HTTP/1.1
Content-Type: application/xml
Accept: application/xml

<permission>
    <role id="role_id"/>
    <user id="user_id"/>
</permission>

HTTP/1.1 201 Created
Content-Type: application/xml

<permission id="permission_id"
  href="/api/resources/resource_id/permissions/permission_id">
    <role id="role_id" href="/api/roles/role_id"/>
    <user id="user_id" href="/api/users/user_id"/>
    <resource id="resource_id" href="/api/collection/resource_id"/>
</permission>
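
An added example (not part of the original guide): Python that parses a permissions listing in the format shown above, flags grants missing from an approved baseline, and builds the POST body with an XML serializer so that ids are escaped. The sample listing, every id in it and the baseline set are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the GET response above; all ids are placeholders.
SAMPLE_LISTING = """<permissions>
  <permission id="perm_1" href="/api/collection/resource_id/permissions/perm_1">
    <role id="role_viewer" href="/api/roles/role_viewer"/>
    <user id="user_alice" href="/api/users/user_alice"/>
    <resource id="resource_id" href="/api/collection/resource_id"/>
  </permission>
  <permission id="perm_2" href="/api/collection/resource_id/permissions/perm_2">
    <role id="role_admin" href="/api/roles/role_admin"/>
    <user id="user_bob" href="/api/users/user_bob"/>
    <resource id="resource_id" href="/api/collection/resource_id"/>
  </permission>
</permissions>"""


def parse_permissions(xml_text):
    """One dict per <permission>; raises ValueError if role, user or resource is missing."""
    grants = []
    for perm in ET.fromstring(xml_text).findall("permission"):
        grant = {"permission": perm.get("id")}
        for child in ("role", "user", "resource"):
            node = perm.find(child)
            if node is None or not node.get("id"):
                raise ValueError(f"permission {perm.get('id')!r} lacks <{child} id=...>")
            grant[child] = node.get("id")
        grants.append(grant)
    return grants


def unapproved_grants(grants, approved):
    """Grants whose (user, role) pair is not in the approved baseline set."""
    return [g for g in grants if (g["user"], g["role"]) not in approved]


def build_permission_body(role_id, user_id):
    """Serialize the POST body; ElementTree escapes the attribute values."""
    perm = ET.Element("permission")
    ET.SubElement(perm, "role", id=role_id)
    ET.SubElement(perm, "user", id=user_id)
    return ET.tostring(perm, encoding="unicode")


if __name__ == "__main__":
    baseline = {("user_alice", "role_viewer")}  # hypothetical approved grants
    for g in unapproved_grants(parse_permissions(SAMPLE_LISTING), baseline):
        print("unapproved:", g)
    print(build_permission_body("role_viewer", "user_carol"))
```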