This type of interface is used by AppAdmin to set relationships of “User-Role” and “Role-Permission”.

The appName parameter must be added to all interfaces to indicate the name of the application to be processed by the interface.

If the appToken field is set when the system administrator creates a new business application to the database (refer to the /application/add interface), the value of appToken needs to be set through the appToken field in the interface parameter when calling the following interface. Otherwise, the interface will receive the “application token verification failed.” error due to the failure of business application administrator authentication.

1 User management interface

This kind of interface is used to add, delete, modify and query users.

MatrixAuth is a lightweight permission system, which is only responsible for managing user permissions, but not for user login, user information management and other operations, but through a userkey field to uniquely identify a user. Generally, the userkey field can be user login, userId in the information system, etc.

• /user/add : Add one user.

• /user/updateByKey : Update information of a business application.

• /user/queryByAppName : Query all users of an application.

• /user/queryByKey : Query a user by application name and user ID.

• /user/deleteByKey : delete one user.

2 Role management interface

MatrixAuth is a distributed permission system. After an application is accessed, it can control the “user-role-permission” relationship in the application. However, this kind of control is not always established. For example, if there is a business application as a campus management system, MatrixAuth can set a user in the business application as an “Administrator” to exercise some management rights , MatrixAuth may not be able to set a user as a “head teacher”, because the role of “head teacher” is set up by the campus management system, a business application operation, rather than by MatrixAuth, a business independent authority system

Therefore, some roles can be set by MatrixAuth, while some can’t. according to this, we divide the roles in MatrixAuth into three categories, and the corresponding enumeration value codes and descriptions are as follows:

• InterfaceControlled：Roles that can only be used to set the user-role relationship through the interface API of MatrixAuth, such as “administrator”.
• BusinessAppControlled：Roles that can only be set user-role relationship through business application, such as “head teacher”.
• InterfaceAndBusinessAppControlled：Roles that can be used to set the user-role relationship through the interface API or business application.

Relevant operation interfaces are as follows:

• /role/add : Add one role.

• /role/updateByName : Update role.

• /role/queryByAppName : Query all roles of an app.

• /role/queryByName : Query a role by application name and role ID.

• /role/deleteByName : Delete one role.

3 Permission management interface

This kind of interface is used to add, delete, modify and query permissions

• /permission/add : Add one permission.

• /permission/updateByKey : Update one permission.

• /permission/queryByAppName : Query all permissions of the application.

• /permission/queryByKey : Query one permission.

• /permission/deleteByKey : Delete one permission.

4 “User-Role-Permission” management interface

This type of interface is used to complete the setting of “User-Role-Permission” association relationship

• /auth/addUserXRole : Add a role for the specified user.

• /auth/deleteUserXRole : Delete a role for the specified user.

• /auth/addRoleXPermission : Add a permission for the specified role.

• /auth/deleteRoleXPermission : Delete a permission for the specified role.