Subject Permission List

POST

tenants

{tenant_id}

permissions

subject-permission

cr, err: = client.Permission.SubjectPermission(context.Background(), &v1.PermissionSubjectPermissionRequest {
    TenantId: "t1",
    Metadata: &v1.PermissionSubjectPermissionRequestMetadata {
        SnapToken: "",
        SchemaVersion: "",
        OnlyPermission: false,
        Depth: 20,
    },
    Entity: &v1.Entity {
        Type: "repository",
        Id: "1",
    },
    Subject: &v1.Subject {
        Type: "user",
        Id: "1",
    },
})

{
  "results": {}
}

The Subject Permission List endpoint allows you to inquire in the form of “Which permissions user:x can perform on entity:y?”. In response, you’ll receive a list of permissions specific to the user for the given entity, returned in the format of a map.

In this endpoint, you’ll receive a map of permissions and their statuses directly. The structure is map[string]CheckResult, such as “sample-permission” -> “ALLOWED”. This represents the permissions and their associated states in a key-value pair format.

Path Parameters

tenant_id

string

required

Identifier of the tenant, if you are not using multi-tenancy (have only one tenant) use pre-inserted tenant <code>t1</code> for this field. Required, and must match the pattern \“[a-zA-Z0-9-,]+\“, max 64 bytes.

Body

application/json

metadata

object

PermissionSubjectPermissionRequestMetadata metadata for the PermissionSubjectPermissionRequest.

entity

object

Entity represents an entity with a type and an identifier.

subject

object

Subject represents an entity subject with a type, an identifier, and a relation.

context

object

Context encapsulates the information related to a single operation, including the tuples involved and the associated attributes.

context.tuples

object[]

A repeated field of tuples involved in the operation.

context.attributes

object[]

A repeated field of attributes associated with the operation.

context.attributes.entity

object

Entity represents an entity with a type and an identifier.

context.attributes.attribute

string

context.attributes.value

object

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

 foo := &pb.Foo{...}
 any, err := anypb.New(foo)
 if err != nil {
   ...
 }
 ...
 foo := &pb.Foo{}
 if err := any.UnmarshalTo(foo); err != nil {
   ...
 }

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

JSON

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

context.data

object

Additional data associated with the context.

Response

200 - application/json

results

object

Map of results for each permission check.

Lookup Entity (Streaming)List Tenants

cr, err: = client.Permission.SubjectPermission(context.Background(), &v1.PermissionSubjectPermissionRequest {
    TenantId: "t1",
    Metadata: &v1.PermissionSubjectPermissionRequestMetadata {
        SnapToken: "",
        SchemaVersion: "",
        OnlyPermission: false,
        Depth: 20,
    },
    Entity: &v1.Entity {
        Type: "repository",
        Id: "1",
    },
    Subject: &v1.Subject {
        Type: "user",
        Id: "1",
    },
})

{
  "results": {}
}

API Documentation

Schema Service

Data Service

Permission Service

Tenancy Service

Bundle Service

Watch Service

Subject Permission List

Path Parameters

Body

Response