Skip to main content

Admin: Permissions

Manage individual permission overrides on users β€” granting or revoking specific capabilities without changing a user's role.

Endpoints overview​

MethodEndpointPermissionDescription
GET/api/permissionsadmin:permissions:viewList all permissions
PATCH/api/permissions/:idadmin:permissions:editUpdate permission metadata
GET/api/permissions/users/:userIdadmin:permissions:viewGet permissions for user
POST/api/permissions/users/:userIdadmin:user_permissions:manageAdd permission override to user
PATCH/api/permissions/users/:userId/:permIdadmin:user_permissions:manageUpdate user permission scope
DELETE/api/permissions/users/:userId/:permIdadmin:user_permissions:manageRemove user permission override

Endpoints​

List all permissions​

GET /api/permissions β€” Auth required, Permission: admin:permissions:view

Returns every permission defined in the system.

Response β€” 200

[
  {
    "id": "perm-uuid-001",
    "name": "episode:create",
    "description": "Create new episodes",
    "category": "episodes",
    "scopeable": false,
    "createdAt": "2025-01-01T00:00:00.000Z",
    "descriptionI18n": {
      "uk": "Π‘Ρ‚Π²ΠΎΡ€ΡŽΠ²Π°Ρ‚ΠΈ Π½ΠΎΠ²Ρ– Π΅ΠΏΡ–Π·ΠΎΠ΄ΠΈ",
      "en": "Create new episodes",
      "es": "Crear nuevos episodios"
    }
  }
]

Update permission metadata​

PATCH /api/permissions/:id β€” Auth required, Permission: admin:permissions:edit

Request body (all fields optional)

{
  "description": "Updated description",
  "scopeable": true
}

Response β€” 200

{
  "id": "perm-uuid-001",
  "name": "episode:create",
  "description": "Updated description",
  "category": "episodes",
  "scopeable": true,
  "createdAt": "2025-01-01T00:00:00.000Z"
}

Get permissions for user​

GET /api/permissions/users/:userId β€” Auth required, Permission: admin:permissions:view

Returns all per-user permission overrides (not inherited from role) for the specified user.

Response β€” 200

[
  {
    "id": "perm-uuid-005",
    "name": "scene:block:frame:generate",
    "description": "Generate start/end frames with AI",
    "category": "scenes",
    "scopeable": false,
    "scope": "global"
  }
]

Add permission override to user​

POST /api/permissions/users/:userId β€” Auth required, Permission: admin:user_permissions:manage

Request body

{
  "permissionId": "perm-uuid-005",
  "scope": "global"
}
FieldRequiredNotes
permissionIdyesUUID of the permission to grant
scopenoglobal (default) | assigned

Response β€” 204

Update user permission override scope​

PATCH /api/permissions/users/:userId/:permId β€” Auth required, Permission: admin:user_permissions:manage

Request body

{ "scope": "assigned" }

scope must be "global" or "assigned".

Response β€” 204

Remove user permission override​

DELETE /api/permissions/users/:userId/:permId β€” Auth required, Permission: admin:user_permissions:manage

Response β€” 204