...
```java
public class Permission {
    String guid;        // synthetic key makes create/add/update APIs easier
    String appId;       // this always has to be part of the query
    String userId;
    String role;        // "admin", "developer"
    String objectType;  // "study", "organization", "app", "system"
    String objectId;    // "studyId", "orgId", "appId"
    boolean transitive; // e.g. true if permission comes from org membership

    // Suggested toString() descriptor (implicitly scoped to an app):
    // "2rkp3nU7p8fjUTDVIgjT6T ∈ {organization:sage-bionetworks admin}"
}
```
For APIs that have to display permissions, the appId/userId can be replaced with an `AccountRef` object, similar to the `EnrollmentDetail` object.
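As an added illustration (not code from this page or the project), the sketch below shows why `appId` has to be part of every lookup: a permission stored under one app does not satisfy a check made under another app, even for the same user, role and object. The names `PermissionLookupExample` and `hasPermission`, the constructor, the in-memory list and all sample values are assumptions made for the example.

```java
import java.util.List;

// Added illustration; PermissionLookupExample and hasPermission are hypothetical names.
public class PermissionLookupExample {

    // Same fields as the Permission class above, plus a constructor and the suggested toString().
    static class Permission {
        final String guid, appId, userId, role, objectType, objectId;
        final boolean transitive;

        Permission(String guid, String appId, String userId, String role,
                   String objectType, String objectId, boolean transitive) {
            this.guid = guid; this.appId = appId; this.userId = userId; this.role = role;
            this.objectType = objectType; this.objectId = objectId; this.transitive = transitive;
        }

        @Override
        public String toString() {
            // Descriptor is implicitly scoped to an app, so appId is not printed.
            return userId + " ∈ {" + objectType + ":" + objectId + " " + role + "}";
        }
    }

    // appId is a required argument, so no lookup can be made without app scope.
    static boolean hasPermission(List<Permission> stored, String appId, String userId,
                                 String role, String objectType, String objectId) {
        // Assumption of this sketch: any missing argument denies access (fail closed).
        if (appId == null || userId == null || role == null
                || objectType == null || objectId == null) {
            return false;
        }
        return stored.stream().anyMatch(p ->
                appId.equals(p.appId) && userId.equals(p.userId) && role.equals(p.role)
                && objectType.equals(p.objectType) && objectId.equals(p.objectId));
    }

    public static void main(String[] args) {
        // Constructed sample data: one user with permissions in two different apps.
        List<Permission> stored = List.of(
            new Permission("guid-1", "app-a", "user-1", "admin", "organization", "org-1", false),
            new Permission("guid-2", "app-b", "user-1", "developer", "study", "study-1", false));

        System.out.println(stored.get(0));
        // Check made in the app where the permission was granted.
        System.out.println(hasPermission(stored, "app-a", "user-1", "admin", "organization", "org-1"));
        // Identical check made under a different appId.
        System.out.println(hasPermission(stored, "app-b", "user-1", "admin", "organization", "org-1"));
    }
}
```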
The service (along with a method to integrate with Spring Security):
...