diff options
Diffstat (limited to 'libeufin/api-nexus.rst')
-rw-r--r-- | libeufin/api-nexus.rst | 75 |
1 files changed, 74 insertions, 1 deletions
diff --git a/libeufin/api-nexus.rst b/libeufin/api-nexus.rst index 96cdbefb..ef1a3c00 100644 --- a/libeufin/api-nexus.rst +++ b/libeufin/api-nexus.rst @@ -102,11 +102,84 @@ User Management Return list of users. +.. _nexus-permissions-api: + +Permissions API +--------------- + +The permissions API manages authorization of access of subjects (usually users) +to resources. + +Permissions are modeled a set of ``(subject, resource, permission)`` triples. +Subjects and resources consist of a type and an identifier. + +Superusers are not subject to further permission checks, they are allowed +to do any operation. + +The following subject types are currently supported: + +* ``user``: An authenticated user. The subject ID + is interpreted as the user ID. + +The following permissions are currently defined: + +* ``facade.talerWireGateway.history``: Allows querying the + transaction history through a Taler wire gateway facade. +* ``facade.talerWireGateway.transfer``: Allows creating payment initiations + to transfer money via a Taler wire gateway facade. + +The following resource IDs are currently supported: + +* ``facade``: A LibEuFin facade. The resource ID is interpreted as the + facade name. + +.. http:get:: {nexusbase}/permissions + + List all permissions. + + **Response** + + .. ts:def:: QueryPermissionsResponse + + interface QueryPermissionsResponse { + permissions: { + subjectType: string; + subjectId: string; + resourceType: string; + resourceId: string; + permissionName: string + }[]; + } + +.. http:post:: {nexusbase}/permissions + + Modify permissions. + + **Request** + + .. ts:def:: QueryPermissionsResponse + + interface QueryPermissionsResponse { + action: "grant" | "revoke"; + permission: { + subjectType: string; + subjectId: string; + resourceType: string; + resourceId: string; + permissionName: string + }; + } + + **Response** + + The response is an empty JSON object. + + Test API -------- -.. http:post:: {nexusBase}/bank-accounts/{acctid}/test-camt-ingestion/{type} +.. http:post:: {nexusbase}/bank-accounts/{acctid}/test-camt-ingestion/{type} This call allows tests to **directly** give Nexus a Camt document. After the processing, all the payment(s) details should be ingested as if the |