Version: 1.0.0

Permissions - Management

Potion supports very fine-grained authorization. To make this easier for you or your administrators, we provide a permission interface that makes configuration as easy as ABC. To access this interface, go to your administration > Users > Right Management.


Create a Permission Set

By default we provide three permission sets configured to match the basic needs of community networks: Admins, Members and Visitors. You can edit each of these roles, and you can also create new roles to match your specific needs. To create a role, click the create button on the right management listing. It will open the following view:

The fields are fairly common and we will not explain them here. You will notice, however, a checkbox that allows this role to be displayed as a tagline. When it is checked, the user object you receive includes information about this role, which is convenient if you want to display the role in your application. You can also upload an image for a role in order to display it next to the user profile picture, for example.

Configure a Permission Set

When creating or editing a right set, you will find the following interface:

The left column lists all the available permission categories; for each of them you will find different options in the right column. The screen in the example shows the status permission options. Enable or disable the available options to allow this role to perform these kinds of actions.

Manage users

The interface allows you to manage the users inside a permission set. Search for your user and add it.

Note that you can also edit a user's role via the API.

Access current user permissions

To access the current user's permissions, send an HTTP GET request to the Permissions API endpoint.

To get the permissions that apply to users who are not logged in, omit the user_id parameter from the URL.

You can also access a user's permissions via the following URL:

/public-api/v1/users/USER_ID/permissions

curl -X GET \
  'https://YOUR_PROJECT_DOMAIN.potion.social/public-api/v1/permissions?user_id=42' \
  -H 'Api-Key: YOUR_API_KEY' \
  -H 'Api-Secret: YOUR_API_SECRET' \
  -H 'Content-Type: application/json'

You will receive an object, organized by permission category, that lists what you can do as boolean values.

{
  "posts": {
    "any": true,
    "newsletter": true,
    "edit": true,
    "index": true,
    "create": true,
    "show": true,
    "destroy": true,
    "moderate": true,
    "seo": true,
    "validate": true
  },
  "users": {
    "edit": true,
    "destroy": true,
    "export": true,
    "import": true,
    "multi_sectors": true,
    "index": true,
    "landing": true,
    "show": true,
    "add_roles": true,
    "edit_roles": true,
    "destroy_roles": true,
    "can_use_api": true
  },
  "statuses": {
    "any": true,
    "edit": true,
    "index": true,
    "create": true,
    "show": true,
    "destroy": true,
    "moderate": true,
    "seo": true,
    "landing": true,
    "in_profile": true,
    "publish_as": true,
    "publish_in": true,
    "pin": true
  },
  ...
}
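
As an added example (not part of the Potion documentation or code base), the Python below consumes a permissions object of the shape shown above with a deny-by-default check, and audits a permission set, such as the one returned when user_id is omitted, for sensitive grants. The sample response, the SENSITIVE policy and the function names is_allowed and audit are assumptions made for illustration.

```python
import json

# Constructed sample shaped like the documented response (not real data).
SAMPLE_VISITOR = json.loads("""
{
  "posts": {"index": true, "show": true, "create": false, "destroy": false},
  "users": {"index": true, "show": true, "export": true, "can_use_api": "true"},
  "statuses": {"index": true, "show": true, "moderate": false}
}
""")

# Assumption: which grants count as sensitive is a local policy choice;
# the key names are taken from the sample response on this page.
SENSITIVE = {
    "posts": {"destroy", "moderate", "validate"},
    "users": {"edit", "destroy", "export", "import", "add_roles",
              "edit_roles", "destroy_roles", "can_use_api"},
    "statuses": {"destroy", "moderate", "publish_as"},
}


def is_allowed(perms, category, action):
    """Fail closed: allow only when the value is the JSON boolean true."""
    options = perms.get(category) if isinstance(perms, dict) else None
    # Missing category, missing action, or a non-boolean value all deny.
    return isinstance(options, dict) and options.get(action) is True


def audit(perms, sensitive=SENSITIVE):
    """Return sorted findings: sensitive grants and non-boolean values."""
    findings = []
    for category, options in perms.items():
        if not isinstance(options, dict):
            findings.append(f"{category}: malformed category")
            continue
        for action, value in options.items():
            if not isinstance(value, bool):
                # A truthiness test would wrongly treat "true" as granted.
                findings.append(f"{category}.{action}: non-boolean value")
            elif value and action in sensitive.get(category, ()):
                findings.append(f"{category}.{action}: sensitive grant")
    return sorted(findings)


if __name__ == "__main__":
    for line in audit(SAMPLE_VISITOR):
        print(line)
```
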