This type of interface is used by AppAdmin to set the “User-Role” and “Role-Permission” relationships.
The appName parameter must be added to all interfaces to indicate the name of the application to be processed by the interface.
If the appToken field was set when the system administrator added the business application to the database (refer to the /application/add interface), the same value must be passed in the appToken parameter when calling the following interfaces. Otherwise, authentication of the business application administrator fails and the interface returns the “application token verification failed.” error.
1 User management interface
This kind of interface is used to add, delete, modify and query users.
MatrixAuth is a lightweight permission system that is only responsible for managing user permissions. It does not handle user login, user information management or similar operations; instead, it uniquely identifies a user through a userKey field. Generally, the userKey field can be the user login, the userId in the information system, etc.
/user/add: Add one user.

| Parameter name | Required | Description |
| --- | --- | --- |
| appName | Yes | Name of application |
| userKey | Yes | Unique identification of the user |
| userName | No | User name |
| appToken | No | Basis for completing the identity verification of application administrator |

/user/updateByKey: Update information of a business application.

| Parameter name | Required | Description |
| --- | --- | --- |
| appName | Yes | Name of application, cannot be modified |
| userKey | Yes | Unique identification of the user, cannot be modified |
| userName | No | User name |
| appToken | No | Basis for completing the identity verification of application administrator |

/user/queryByAppName: Query all users of an application.

| Parameter name | Required | Description |
| --- | --- | --- |
| appName | Yes | Name of application |
| appToken | No | Basis for completing the identity verification of application administrator |

/user/queryByKey: Query a user by application name and user ID.

| Parameter name | Required | Description |
| --- | --- | --- |
| appName | Yes | Name of application |
| userKey | Yes | Unique identification of the user |
| appToken | No | Basis for completing the identity verification of application administrator |

/user/deleteByKey: Delete one user.

| Parameter name | Required | Description |
| --- | --- | --- |
| appName | Yes | Name of application |
| userKey | Yes | Unique identification of the user |
| appToken | No | Basis for completing the identity verification of application administrator |

2 Role management interface
MatrixAuth is a distributed permission system. After an application is connected to MatrixAuth, it can control the “user-role-permission” relationships in that application. However, this control does not always apply. For example, if the business application is a campus management system, MatrixAuth can set a user in it as an “Administrator” to exercise some management rights, but MatrixAuth may not be able to set a user as a “head teacher”, because the “head teacher” role is set up by an operation of the campus management system, a business application, rather than by MatrixAuth, a business-independent authority system.
Therefore, some roles can be set by MatrixAuth, while some can’t. Accordingly, we divide the roles in MatrixAuth into three categories, with the following enumeration value codes and descriptions:
InterfaceControlled: Roles whose user-role relationship can only be set through the interface API of MatrixAuth, such as “administrator”.
BusinessAppControlled: Roles whose user-role relationship can only be set through the business application, such as “head teacher”.
InterfaceAndBusinessAppControlled: Roles whose user-role relationship can be set through the interface API or the business application.
Relevant operation interfaces are as follows:
/role/add: Add one role.

| Parameter name | Required | Description |
| --- | --- | --- |
| appName | Yes | Name of application |
| roleName | Yes | Role name |
| description | No | Role description |
| type | Yes | Role type, options: InterfaceControlled, BusinessAppControlled, InterfaceAndBusinessAppControlled |
| appToken | No | Basis for completing the identity verification of application administrator |

/role/updateByName: Update role.

| Parameter name | Required | Description |
| --- | --- | --- |
| appName | Yes | Name of application, cannot be modified |
| roleName | No | Role name, cannot be modified |
| description | No | Role description |
| type | Yes | Role type, options: InterfaceControlled, BusinessAppControlled, InterfaceAndBusinessAppControlled |
| appToken | No | Basis for completing the identity verification of application administrator |

/role/queryByAppName: Query all roles of an app.

| Parameter name | Required | Description |
| --- | --- | --- |
| appName | Yes | Name of application |
| appToken | No | Basis for completing the identity verification of application administrator |

/role/queryByName: Query a role by application name and role ID.

| Parameter name | Required | Description |
| --- | --- | --- |
| appName | Yes | Name of application |
| roleName | Yes | Role name |
| appToken | No | Basis for completing the identity verification of application administrator |

/role/deleteByName: Delete one role.

| Parameter name | Required | Description |
| --- | --- | --- |
| appName | Yes | Name of application |
| roleName | Yes | Role name |
| appToken | No | Basis for completing the identity verification of application administrator |

3 Permission management interface
This kind of interface is used to add, delete, modify and query permissions.
/permission/add: Add one permission.

| Parameter name | Required | Description |
| --- | --- | --- |
| appName | Yes | Name of application |
| permKey | Yes | Permission key, unique identification of the permission |
| name | No | Permission name |
| description | No | Description |
| appToken | No | Basis for completing the identity verification of application administrator |

/permission/updateByKey: Update one permission.

| Parameter name | Required | Description |
| --- | --- | --- |
| appName | Yes | Name of application |
| permKey | Yes | Permission key, cannot be modified |
| name | No | Permission name |
| description | No | Description |
| appToken | No | Basis for completing the identity verification of application administrator |

/permission/queryByAppName: Query all permissions of the application.

| Parameter name | Required | Description |
| --- | --- | --- |
| appName | Yes | Name of application |
| appToken | No | Basis for completing the identity verification of application administrator |

/permission/queryByKey: Query one permission.

| Parameter name | Required | Description |
| --- | --- | --- |
| appName | Yes | Name of application |
| permKey | Yes | Permission key |
| appToken | No | Basis for completing the identity verification of application administrator |

/permission/deleteByKey: Delete one permission.

| Parameter name | Required | Description |
| --- | --- | --- |
| appName | Yes | Name of application |
| permKey | Yes | Permission key |
| appToken | No | Basis for completing the identity verification of application administrator |

4 “User-Role-Permission” management interface
This type of interface is used to set the “User-Role-Permission” association relationships.
/auth/addUserXRole: Add a role for the specified user.

| Parameter name | Required | Description |
| --- | --- | --- |
| appName | Yes | Name of application |
| userKey | Yes | Unique identification of the user |
| roleName | Yes | Role name |
| appToken | No | Basis for completing the identity verification of application administrator |

/auth/deleteUserXRole: Delete a role for the specified user.

| Parameter name | Required | Description |
| --- | --- | --- |
| appName | Yes | Name of application |
| userKey | Yes | Unique identification of the user |
| roleName | Yes | Role name |
| appToken | No | Basis for completing the identity verification of application administrator |

/auth/addRoleXPermission: Add a permission for the specified role.

| Parameter name | Required | Description |
| --- | --- | --- |
| appName | Yes | Name of application |
| roleName | Yes | Role name |
| permKey | Yes | Permission key |
| appToken | No | Basis for completing the identity verification of application administrator |

/auth/deleteRoleXPermission: Delete a permission for the specified role.

| Parameter name | Required | Description |
| --- | --- | --- |
| appName | Yes | Name of application |
| roleName | Yes | Role name |
| permKey | Yes | Permission key |
| appToken | No | Basis for completing the identity verification of application administrator |

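
The appToken check from the introduction and the role-type rule from the role management section, modelled for /auth/addUserXRole as an added example (this is not MatrixAuth's own code). The in-memory store, the sample application and token, every message other than the quoted token error, the uniform answer for unknown applications and the constant-time comparison are assumptions.

```python
import hmac

# Role type codes as listed on this page.
INTERFACE = "InterfaceControlled"
BUSINESS = "BusinessAppControlled"
BOTH = "InterfaceAndBusinessAppControlled"

# Constructed sample data: one application registered with an appToken and
# two roles of different types. None of it comes from MatrixAuth itself.
APPS = {"campus": {"appToken": "s3cret-sample-token",
                   "roles": {"administrator": INTERFACE, "head teacher": BUSINESS},
                   "userRoles": set()}}

TOKEN_ERROR = "application token verification failed."  # message quoted on this page


def verify_app_token(app, supplied):
    """True when no token was set at creation, or the supplied one matches."""
    expected = app.get("appToken")
    if not expected:
        return True
    # Constant-time comparison so response timing does not leak the token.
    return hmac.compare_digest(expected.encode(), (supplied or "").encode())


def add_user_x_role(params):
    """Model of /auth/addUserXRole; returns (ok, message)."""
    missing = [p for p in ("appName", "userKey", "roleName") if not params.get(p)]
    if missing:
        return False, "missing required parameter: " + ", ".join(missing)  # hypothetical text
    app = APPS.get(params["appName"])
    # Assumption: an unknown application gets the same answer as a bad token,
    # so callers cannot probe for application names.
    if app is None or not verify_app_token(app, params.get("appToken")):
        return False, TOKEN_ERROR
    role_type = app["roles"].get(params["roleName"])
    if role_type is None:
        return False, "unknown role"  # hypothetical text
    if role_type == BUSINESS:
        # Only the business application itself may assign this role.
        return False, "role is BusinessAppControlled"  # hypothetical text
    app["userRoles"].add((params["userKey"], params["roleName"]))
    return True, "ok"
```
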