Add permission management documentation

2019-04-10 17:02:53 +03:00 · 2019-04-10 17:02:53 +03:00 · 08af2ded72
commit 08af2ded72
parent ec0b70ed7e
2 changed files with 63 additions and 1 deletions
--- a/authorization_services/topics/service-protection-permission-api-papi.adoc
+++ b/authorization_services/topics/service-protection-permission-api-papi.adoc
@ -71,3 +71,63 @@ curl -X POST \

 Where these claims will be available to your policies when evaluating permissions for the resource and scope(s) associated
 with the permission ticket.
+
+== Other non UMA-compliant endpoints
+
+=== Creating permission ticket
+
+To grant permissions for a specific resource with id {resource_id} to a user with id {user_id}, as an owner of the resource send an HTTP POST request as follows:
+
+```bash
+curl -X POST \
+     http://${host}:${port}/auth/realms/${realm_name}/authz/protection/permission/ticket \
+     -H 'Authorization: Bearer '$access_token \
+     -H 'Content-Type: application/json' \
+     -d '{
+       "resource": "{resource_id}",
+       "requester": "{user_id}",
+       "granted": true,
+       "scopeName": "view"
+     }'
+```
+
+=== Getting permission tickets
+
+```bash
+curl http://${host}:${port}/auth/realms/${realm_name}/authz/protection/permission/ticket \
+     -H 'Authorization: Bearer '$access_token
+```
+
+You can use any of these query parameters:
+
+* `scopeId`
+* `resourceId`
+* `owner`
+* `requester`
+* `granted`
+* `returnNames`
+* `first`
+* `max`
+
+=== Updating permission ticket
+
+```bash
+curl -X PUT \
+     http://${host}:${port}/auth/realms/${realm_name}/authz/protection/permission/ticket \
+     -H 'Authorization: Bearer '$access_token \
+     -H 'Content-Type: application/json' \
+     -d '{
+       "id": "{ticket_id}"
+       "resource": "{resource_id}",
+       "requester": "{user_id}",
+       "granted": false,
+       "scopeName": "view"
+     }'
+```
+
+=== Deleting permission ticket
+
+```bash
+curl -X DELETE http://${host}:${port}/auth/realms/${realm_name}/authz/protection/permission/ticket/{ticket_id} \
+     -H 'Authorization: Bearer '$access_token
+```
--- a/tests/src/test/resources/ignored-variables
+++ b/tests/src/test/resources/ignored-variables
@ -19,4 +19,6 @@ keycloak.access_token['/sub']
 keycloak.access_token['/preferred_username']
 keycloak.access_token['/custom_claim']
 resource_id
-$evaluation.grant()
+user_id
+ticket_id
+$evaluation.grant()