...
| URI | Request Method | Request Param's | Request Body | Response Body | Description | Authority | |
|---|---|---|---|---|---|---|---|
| /userPrecursor | POST | email, fname, lname, invitation message | ID, token | Create a user precursor for the given email address. Sends email to invited user. 400 response if email has been used before. | authenticated users | ||
| /userPrecursor | GET | limit, offset | PaginatedResults of precursor | Returns all precursors created by the user. (Ordered by creation time stamp?) | Precursor creator. | ||
| /userPrecursor/{id} | GET | -- | -- | ID, token, principalID (or null), email, fname, lname | Precursor creator. | ||
| /userPrecursor/{id} | DELETE | -- | -- | -- | Delete user precursor. 403 status if precursor is already bound to an entity. | Precursor creator. | |
/userPrecursor/{id}/principal Q: Is this the best URI? | POST | token | -- | -- | Bind a precursor to the principal of the currently authenticated user. Any entity access records for the precursor become ACL records. | Authenticated users. | |
| /userPrecursor/{id}/access/entity | POST | -- | entity ID, access type | ? | Adds the given access type to the given entity to the given precursor. 403 status if precursor is already bound to an entity. | User must have sharing rights CHANGE_PERMISSION access to the entity AND be the precursor creator. | |
| /userPrecursor/{id}/access/entity/{entityId} | DELETE | -- | -- | -- | Remove all access to the given entity for the given precursor. 403 status if precursor is already bound to an entity. | User must have sharing rights CHANGE_PERMISSION access to the entity AND be the precursor creator. | /membershipInvitation |
| POST/userPrecursor/{id}/openInvitation | GET | teamId, limit, offset | -- | MembershipInvtnSubmissionPaginatedResults<MembershipInvitation> | MembershipInvtnSubmission | Create a membership invitation for a precursor. | User must be Team admin AND be the precursor creator. |
| Get a paginated list of all the open membership invitations extended to a user, optionally filtering by teamId. | PUBLIC |
Note: The MembershipInvtnSubmission object is extended to accept either a principal ID or a precursor ID. So all the CRUD operations on this object now support user precursors.
TODO: Database tables:
table columns: ID, token, first, last, email, principalId (initially null)
...