Software design
TAnonim, 2019-01-20 21:57:50

How is it customary to manage many-to-many dependencies in a REST API?

Greetings. Let there be role, permission and user objects. A role can have several permissions, one permission can apply to several roles, that is, the usual RBAC approach. Now I am designing an API for such a system, and the question arose: how do I manage dependencies in the REST API?
Now I have, for example, the endpoint example.com/api/v1/users/: I make a POST request to it and create a user, I make a GET request and get users, and so on, all according to the standard scheme. And what should the endpoint look like, for example, for the operation of attaching a permission to a role?


1 answer(s)
Ivan Shumov, 2019-01-20
@inoise

It all depends on what kind of logic you have in the project. Different variants are admissible:
1. Your roles are an Organization Unit:
PUT {baseUrl}/roles/{roleID}/users/{userID}
2. Your roles are just a grouping of access rights:
PUT {baseUrl}/users/{userID}/roles/{roleID}
3. Your roles are copied as an independent set of rights (inline policy):
POST {baseUrl}/users/{userID}/policy
The main thing is that the API reflects your use cases.
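
Variant 2 from the answer above (`PUT {baseUrl}/users/{userID}/roles/{roleID}`) as an added example, not part of the original answer: the link between a user and a role is its own sub-resource, PUT and DELETE on it are idempotent, and the caller is authorized before the handler reveals whether the target exists. The in-memory store, the sample users and roles, the permission name `roles:assign` and the function names `handle` and `permissions_of` are assumptions made for illustration.

```python
import re

# Constructed sample data (not from the original page).
USERS = {"u1", "u2"}
ROLES = {"admin": {"roles:assign", "users:read"}, "viewer": {"users:read"}}
USER_ROLES = {("u1", "admin")}          # many-to-many link table: (userID, roleID)

ROUTE = re.compile(r"^/users/(?P<user>[^/]+)/roles/(?P<role>[^/]+)$")
ASSIGN = "roles:assign"                 # assumed permission name guarding link changes


def permissions_of(user_id):
    """Effective permissions: union over every role linked to the user."""
    perms = set()
    for uid, rid in USER_ROLES:
        if uid == user_id:
            perms |= ROLES[rid]
    return perms


def handle(method, path, caller):
    """Return an HTTP status code for PUT/DELETE on the link sub-resource."""
    m = ROUTE.match(path)
    if m is None:
        return 404
    if method not in ("PUT", "DELETE"):
        return 405
    # Authorize before revealing whether the target user or role exists.
    if ASSIGN not in permissions_of(caller):
        return 403
    user_id, role_id = m["user"], m["role"]
    if user_id not in USERS or role_id not in ROLES:
        return 404
    link = (user_id, role_id)
    if method == "PUT":
        USER_ROLES.add(link)            # idempotent: repeating the PUT changes nothing
    else:
        USER_ROLES.discard(link)        # idempotent: deleting a missing link is fine
    return 204
```

The same shape applies to the role-to-permission relation from the question by swapping the two path segments and the link table.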
