Groups
A group is a way to organize users in a system. We can also give roles to groups instead of users.
Basic Operations
Basic operations of Create, List, Update and Destroy are available for groups
List all Groups
Call to /authorization/group to get all groups.
Request Object
+ URL /api/v2/authorization/group + Method GET + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body {}
Response Object
Sending this should get you back a valid response, an array with each group in the system.
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body [ { "groupname": "root", "password": "x", "gid": 0, "users": [] }, { "groupname": "sudo", "password": "x", "gid": 27, "users": [ "open" ] }, { "groupname": "games", "password": "x", "gid": 60, "users": [] }, { "groupname": "nogroup", "password": "x", "gid": 65534, "users": [] }, { "groupname": "ssl-cert", "password": "x", "gid": 113, "users": [ "postgres" ] }, { "groupname": "users", "password": "x", "gid": 997, "users": [] }, { "groupname": "asdf", "password": "x", "gid": 1000, "users": [] }, { "groupname": "gitlab-runner", "password": "x", "gid": 995, "users": [] } ]
Get one Group
Call to /authorization/group/$GROUPNAME/details to get details on a specific group.
Request Object
+ URL /api/v2/authorization/group/$GROUPNAME/details + Method GET + Parameters group name (string, required, URL param) - the name of the group you'd like to get details about + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body {}
Response Object
Sending this should get you back a valid response, an array with the group you requested.
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body { "groupname": "asdf", "password": "x", "gid": 1000, "users": [], "roles": [], "permissions": [] }
Create a Group
Creating a group takes a groupname, as well as any desired role ids to be assigned to members of that group.
Request Object
+ URL /api/v2/authorization/group/create + Method POST + Parameters groupname (string, required, Body) - The name to be assigned to this group rids (string, optional, Body) - A comma delimited list of role ids. + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body { "groupname": "testing", "rids": "3" }
Response Object
Sending this should get you back a valid response, an array with the group you created.
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body { "groupname": "testing", "password": "x", "gid": 1001, "users": [], "rids": [ "3" ] }
Update a Group
You may change the groupname, gid, and rids of any group you have created.
Request Object
+ URL /api/v2/authorization/group/$GROUPNAME/update + Method POST + Parameters groupname (string, required, URL param) - The current name of this group name (string, optional, Body) - The name to be assigned to this group after this update gid (number, optional, Body) - The gid to assign to this group rids (string, optional, Body) - A comma delimited list of role ids. + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body { "name": "testing_again", "gid": 1122, "rids": "1,2" }
Response Object
Sending this should get you back a valid response, an array with the group you updated.
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body { "groupname": "testing_again", "password": "x", "gid": 1122, "users": [], "rids": [ "1", "2" ] }
Destroy a Group
Destroying a group removes the group from the system, but will not destroy the users assigned to that group.
Group Roles
Instead of Updating groups with role information, you can manage group to role ties directly. This is useful for Active Directory or otherwise 3rd party managed authorization sources where you want to assign roles to groups not managed by the Atlas System
Basic Operations
Basic operations of List, Assign, and Unassign are available for group roles.
List all Group to Role ties.
Listing all ties is very simple.
Request Object
+ URL /api/v2/authorization/group/role + Method GET + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body {}
Response Object
Sending this should get you back a valid response, an array with each group to role tie in the system.
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body [ { "id": 1, "hostid": "09e3b2bd", "groupname": "sudo", "rid": 2, "createdAt": "2020-09-09T03:10:21.227Z", "updatedAt": "2020-09-09T03:10:21.227Z", "provider_name": "local" }, { "id": 10, "hostid": "09e3b2bd", "groupname": "admin", "rid": 1, "createdAt": "2020-09-28T18:56:27.493Z", "updatedAt": "2020-09-28T18:56:27.493Z", "provider_name": "local" }, { "id": 11, "hostid": "09e3b2bd", "groupname": "employees", "rid": 2, "createdAt": "2020-09-28T18:56:27.493Z", "updatedAt": "2020-09-28T18:56:27.493Z", "provider_name": "my-active-directory" } ]
Get Group Role ties for a Group
You can also get all role ties for a specific group
Request Object
+ URL /api/v2/authorization/group/role/details + Method POST + Parameters groupname (string, required, Body) - The name of the group to get ties for + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body { "groupname": "sudo" }
Response Object
Sending this should get you back a valid response, an array with each group to role tie in the system for your group.
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body [ { "id": 1, "hostid": "09e3b2bd", "groupname": "sudo", "rid": 2, "createdAt": "2020-09-09T03:10:21.227Z", "updatedAt": "2020-09-09T03:10:21.227Z", "providerName": "local" } ]
Assign a Role to a Group
You can assign a role to a group rather simply
Request Object
+ URL /api/v2/authorization/group/role/assign + Method POST + Parameters groupname (string, required, Body) - The name of the group to assign rid (number, required, Body) - The role ID number to assign providerName (number, optional, Body) - The provider name associated with this groupname. If not provided, this value will default to "local". + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body { "groupname": "employees", "rid": 4, "providerName": "my-active-directory" }
Response Object
You will be returned the newly created entry.
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body [ { "id": 14, "hostid": "09e3b2bd", "groupname": "employees", "rid": 4, "createdAt": "2020-09-28T19:02:18.282Z", "updatedAt": "2020-09-28T19:02:18.282Z", "providerName": "my-active-directory" } ]
Unassign a Role from a Group
Similar to Assign, you may also un-assign.
Request Object
+ URL /api/v2/authorization/group/role/unassign + Method POST + Parameters groupname (string, required, Body) - The name of the group to unassign rid (number, required, Body) - The role ID number to unassign providerName (number, required, Body) - The provider name associated with this groupname + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body { "groupname": "sudo", "rid": 4, "providerName": "local }