Diffstat (limited to 'libeufin/api-nexus.rst')
-rw-r--r-- libeufin/api-nexus.rst 75
1 files changed, 74 insertions, 1 deletions
diff --git a/libeufin/api-nexus.rst b/libeufin/api-nexus.rst
index 96cdbefb..ef1a3c00 100644
--- a/libeufin/api-nexus.rst
+++ b/libeufin/api-nexus.rst
@@ -102,11 +102,84 @@ User Management
Return list of users.
+.. _nexus-permissions-api:
+
+Permissions API
+---------------
+
+The permissions API manages authorization of access of subjects (usually users)
+to resources.
+
+Permissions are modeled a set of ``(subject, resource, permission)`` triples.
+Subjects and resources consist of a type and an identifier.
+
+Superusers are not subject to further permission checks, they are allowed
+to do any operation.
+
+The following subject types are currently supported:
+
+* ``user``: An authenticated user. The subject ID
+ is interpreted as the user ID.
+
+The following permissions are currently defined:
+
+* ``facade.talerWireGateway.history``: Allows querying the
+ transaction history through a Taler wire gateway facade.
+* ``facade.talerWireGateway.transfer``: Allows creating payment initiations
+ to transfer money via a Taler wire gateway facade.
+
+The following resource IDs are currently supported:
+
+* ``facade``: A LibEuFin facade. The resource ID is interpreted as the
+ facade name.
+
+.. http:get:: {nexusbase}/permissions
+
+ List all permissions.
+
+ **Response**
+
+ .. ts:def:: QueryPermissionsResponse
+
+ interface QueryPermissionsResponse {
+ permissions: {
+ subjectType: string;
+ subjectId: string;
+ resourceType: string;
+ resourceId: string;
+ permissionName: string
+ }[];
+ }
+
+.. http:post:: {nexusbase}/permissions
+
+ Modify permissions.
+
+ **Request**
+
+ .. ts:def:: QueryPermissionsResponse
+
+ interface QueryPermissionsResponse {
+ action: "grant" | "revoke";
+ permission: {
+ subjectType: string;
+ subjectId: string;
+ resourceType: string;
+ resourceId: string;
+ permissionName: string
+ };
+ }
+
+ **Response**
+
+ The response is an empty JSON object.
+
+
Test API
--------
-.. http:post:: {nexusBase}/bank-accounts/{acctid}/test-camt-ingestion/{type}
+.. http:post:: {nexusbase}/bank-accounts/{acctid}/test-camt-ingestion/{type}
This call allows tests to **directly** give Nexus a Camt document. After
the processing, all the payment(s) details should be ingested as if the
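
Review bot: the request body of "POST {nexusbase}/permissions" is declared as ".. ts:def:: QueryPermissionsResponse" with "interface QueryPermissionsResponse", the same name as the GET response type just above it, so the two definitions collide and the request is labelled as a response; give it its own name (for example ChangePermissionsRequest, a suggestion only). In the introductory text, "Permissions are modeled a set of" is missing "as", and the list headed "The following resource IDs are currently supported" actually names a resource type ("facade", whose resource ID is the facade name), so that heading should say resource types. Because the section states that superusers bypass all permission checks, it should also say who is allowed to call the two /permissions endpoints, and what a "revoke" of a triple that does not exist or a "grant" of one that already exists returns.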