MicroServices - Permissions

Introduction

The permission microservice is responsible for querying and persisting user permissions.

The functionalities are available through an API, which will be detailed later.

Prerequisites

  1. Docker
  2. MibConfig via ENVVAR

Required Configuration Files

Some configuration is required both by the microservice itself and by the services that consume it.

Server side configurations

MibPermissionMicroServiceServerConfig

  • MetadataRefreshIntervalSeconds: Defines how frequently the background service polls for updated permission metadata after the initial startup.
    ◦ Behavior: the background service uses a PeriodicTimer to refresh permission metadata at regular intervals. The effective interval is Math.Max(1, MetadataRefreshIntervalSeconds) seconds, ensuring a minimum of 1 second between refreshes regardless of configuration.

  • MetadataInitialFetchTimeoutSeconds: Controls the startup behavior when the application first attempts to populate the permission metadata cache.
    ◦ Value <= 0 (recommended for production): the host waits indefinitely for the initial metadata fetch to succeed. The application does not accept requests until the cache is populated, ensuring that no request ever sees empty permissions. This is the preferred setting for production environments, where a failing readiness probe is better than serving incorrect authorization data.
    ◦ Value > 0 (development/testing): the host waits up to the specified number of seconds for the initial fetch. If the timeout expires before the fetch completes, the application starts with an empty cache and logs a warning; the background refresh loop keeps retrying. This allows faster iteration during development when external dependencies might be unavailable.

  • EnableHealthCheckConfigurablePermissions: Defines whether configurable permissions are enabled in the health check (default: true).

Both time-related settings are expressed in seconds.

Example:

<?xml version="1.0" encoding="utf-8" ?>
<mibConfig>
  <default>
    <MetadataRefreshIntervalSeconds>8600</MetadataRefreshIntervalSeconds>
    <MetadataInitialFetchTimeoutSeconds>8600</MetadataInitialFetchTimeoutSeconds>
    <EnableHealthCheckConfigurablePermissions>false</EnableHealthCheckConfigurablePermissions>
  </default>
</mibConfig>
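The two startup rules above, as an added illustration written for this page (not the service's own code): a helper that gates the host on the first metadata fetch, waiting indefinitely when MetadataInitialFetchTimeoutSeconds <= 0 and starting with an empty cache after a bounded wait otherwise, plus the PeriodicTimer refresh loop with the Math.Max(1, ...) interval. The fetch delegate, the warning callback and all class and method names are assumptions.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
// Hypothetical helper written for this page, not the service's own code; names are assumptions.
public static class PermissionMetadataStartup
{
    // Refresh cadence: Math.Max(1, configured) seconds, never below one second.
    public static TimeSpan EffectiveRefreshInterval(int metadataRefreshIntervalSeconds) =>
        TimeSpan.FromSeconds(Math.Max(1, metadataRefreshIntervalSeconds));
    // Gates the host on the first metadata fetch; returns true once the cache is populated.
    // timeoutSeconds <= 0: wait indefinitely (production). > 0: bounded wait, then start empty.
    // fetch is one attempt that returns true on success (assumed signature).
    public static async Task<bool> WaitForInitialFetchAsync(
        Func<CancellationToken, Task<bool>> fetch, int timeoutSeconds, TimeSpan retryDelay,
        Action<string> logWarning, CancellationToken hostStopping)
    {
        using var gate = CancellationTokenSource.CreateLinkedTokenSource(hostStopping);
        if (timeoutSeconds > 0) gate.CancelAfter(TimeSpan.FromSeconds(timeoutSeconds));
        while (!gate.IsCancellationRequested)
        {
            try
            {
                if (await fetch(gate.Token)) return true;   // populated: readiness may pass
            }
            catch (OperationCanceledException) { break; }
            catch (Exception ex) { logWarning($"Initial metadata fetch failed: {ex.Message}"); }
            try { await Task.Delay(retryDelay, gate.Token); }
            catch (OperationCanceledException) { break; }
        }
        hostStopping.ThrowIfCancellationRequested();        // shutdown, not a timeout
        logWarning("Initial metadata fetch timed out; starting with an EMPTY permission cache.");
        return false;                                       // reachable only when timeoutSeconds > 0
    }
    // Steady-state refresh on a PeriodicTimer; a failed refresh is logged and retried next tick.
    public static async Task RefreshLoopAsync(Func<CancellationToken, Task<bool>> fetch,
        int intervalSeconds, Action<string> logWarning, CancellationToken stopping)
    {
        using var timer = new PeriodicTimer(EffectiveRefreshInterval(intervalSeconds));
        try
        {
            while (await timer.WaitForNextTickAsync(stopping))
            {
                try { await fetch(stopping); }
                catch (OperationCanceledException) { break; }
                catch (Exception ex) { logWarning($"Metadata refresh failed: {ex.Message}"); }
            }
        }
        catch (OperationCanceledException) { }              // host shutting down
    }
}
```

A host would call WaitForInitialFetchAsync before reporting ready and then run RefreshLoopAsync for the lifetime of the process.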

MibDatabaseConfig

Configuration used to indicate the authorization database.

Example:

<?xml version="1.0" encoding="utf-8" ?>
<mibConfig>
  <default>
    <type>sql2005</type>
    <server>server</server>
    <database>database</database>
    <username>username</username>
    <password>password</password>
  </default>
</mibConfig>

MibPermissionMicroServiceClientConfig

Configuration intended for applications that will consume the microservice.

  • ServerUrl: Access URL for the permission microservice.

Example:

<?xml version="1.0" encoding="utf-8" ?>
<mibConfig>
  <default>
    <serverUrl>Url from microservice</serverUrl>
  </default>
</mibConfig>

Applications that access the permission microservice, and therefore require this config:

  • MediaiBox.Cms.Api.Server (MibApi)
  • MediaiBox.Cms.Authorization.Server (MibAuthorization)
  • MediaiBox.Cms.FrontEnd.Server (Mib3)

API Routes

GET: /permission/v1/authorization/apiClient/{userId}/{apiClientId}
Parameters:

  • userId: Logged in user id.
  • apiClientId: ApiClient id for which permissions are obtained (refers to table "API_CLIENTS", field "ID").
  • Return, body:
[
  {
    "objectId": 0,
    "name": "string",
    "title": "string",
    "key": "string",
    "parentId": 0,
    "objectType": 1,
    "ownerId": 0,
    "ownerType": 1,
    "categoryKey": "string",
    "canRead": true,
    "canWrite": true,
    "canDelete": true,
    "ownerCanRead": true,
    "ownerCanWrite": true,
    "ownerCanDelete": true,
    "isInherited": true,
    "boolean": true
  }
]
  • ownerType: Indicates whether the permission is for a user(1) or a group(2).
  • objectType: Indicates whether the permission is for a source(1), mediatype(2) or boolean(3).

GET: /permission/v1/authorization/oauthClient/{userId}/{oauthClientId}
Parameters:

  • userId: Logged in user id.
  • oauthClientId: OAuth client id for which permissions are obtained (refers to table "API_CLIENTS", field "OAUTH_CLIENT_ID").
  • Return, body:
[
  {
    "objectId": 0,
    "name": "string",
    "title": "string",
    "key": "string",
    "parentId": 0,
    "objectType": 1,
    "ownerId": 0,
    "ownerType": 1,
    "categoryKey": "string",
    "canRead": true,
    "canWrite": true,
    "canDelete": true,
    "ownerCanRead": true,
    "ownerCanWrite": true,
    "ownerCanDelete": true,
    "isInherited": true,
    "boolean": true
  }
]
  • ownerType: Indicates whether the permission is for a user(1) or a group(2).
  • objectType: Indicates whether the permission is for a source(1), mediatype(2) or boolean(3).
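An added consumer-side example, written for this page and not part of the project, for the apiClient and oauthClient routes above, which share one response shape: the record mirrors the documented JSON item, the request path is relative to the serverUrl from MibPermissionMicroServiceClientConfig, and the lookup fails closed when no entry matches. The record, class and method names are assumptions; the GET helper covers the apiClient route, and the same parser applies to the oauthClient response.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text.Json;
using System.Text.Json.Serialization;
using System.Threading.Tasks;
// Hypothetical consumer-side helper written for this page, not project code; names are assumptions.
// The record mirrors the documented response item; JSON names bind case-insensitively (Web defaults).
public sealed record PermissionItem(int ObjectId, string Name, string Title, string Key,
    int ParentId, int ObjectType, int OwnerId, int OwnerType, string CategoryKey,
    bool CanRead, bool CanWrite, bool CanDelete, bool OwnerCanRead, bool OwnerCanWrite,
    bool OwnerCanDelete, bool IsInherited,
    [property: JsonPropertyName("boolean")] bool BooleanValue);
public static class PermissionClient
{
    // Documented values of ownerType and objectType.
    public const int OwnerUser = 1, OwnerGroup = 2;
    public const int ObjectSource = 1, ObjectMediaType = 2, ObjectBoolean = 3;
    public static IReadOnlyList<PermissionItem> Parse(string json) =>
        JsonSerializer.Deserialize<List<PermissionItem>>(json,
            new JsonSerializerOptions(JsonSerializerDefaults.Web)) ?? new List<PermissionItem>();
    // GET /permission/v1/authorization/apiClient/{userId}/{apiClientId}
    // http.BaseAddress is the serverUrl from MibPermissionMicroServiceClientConfig (assumed).
    public static async Task<IReadOnlyList<PermissionItem>> GetApiClientPermissionsAsync(
        HttpClient http, int userId, int apiClientId) =>
        Parse(await http.GetStringAsync($"permission/v1/authorization/apiClient/{userId}/{apiClientId}"));
    // Fail closed: an object without a matching entry gets no right at all.
    public static bool Can(IReadOnlyList<PermissionItem> items, int objectType, int objectId,
        Func<PermissionItem, bool> right)
    {
        foreach (var p in items)
            if (p.ObjectType == objectType && p.ObjectId == objectId) return right(p);
        return false;
    }
    public static void Main()
    {
        // Constructed sample in the documented shape: user 42 may only read source 1001.
        const string sample = @"[{""objectId"":1001,""name"":""news"",""title"":""News"",""key"":""news"",
            ""parentId"":0,""objectType"":1,""ownerId"":42,""ownerType"":1,""categoryKey"":""src"",
            ""canRead"":true,""canWrite"":false,""canDelete"":false,""ownerCanRead"":true,
            ""ownerCanWrite"":false,""ownerCanDelete"":false,""isInherited"":false,""boolean"":false}]";
        var items = Parse(sample);
        Console.WriteLine(Can(items, ObjectSource, 1001, p => p.CanRead));
        Console.WriteLine(Can(items, ObjectSource, 1001, p => p.CanWrite));
        Console.WriteLine(Can(items, ObjectMediaType, 1001, p => p.CanRead)); // no entry: denied
    }
}
```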

GET: /permission/v1/authorization/{ownerId}/{permissionType}
Parameters:

  • ownerId: Owner ID.
  • permissionType: Indicates whether the owner id refers to a user(1) or a group(2).
  • Return, body:
{
  "Front": {
    "items": [
      {
        "objectId": 0,
        "name": "string",
        "title": "string",
        "key": "string",
        "parentId": 0,
        "objectType": 1,
        "ownerId": 0,
        "ownerType": 1,
        "categoryKey": "string",
        "canRead": true,
        "canWrite": true,
        "canDelete": true,
        "ownerCanRead": true,
        "ownerCanWrite": true,
        "ownerCanDelete": true,
        "isInherited": true,
        "canEditRead": true,
        "canEditWrite": true,
        "canEditDelete": true,
        "ownerCanEditRead": true,
        "ownerCanEditWrite": true,
        "ownerCanEditDelete": true,
        "canEditIsInherited": true,
        "boolean": true,
        "canEditBoolean": true
      }
    ],
    "categories": [
      {
        "key": "string",
        "name": "string",
        "supportsHierarchy": true
      }
    ]
  },
  "Api": {
    "items": [
      {
        "objectId": 0,
        "name": "string",
        "title": "string",
        "key": "string",
        "parentId": 0,
        "objectType": 1,
        "ownerId": 0,
        "ownerType": 1,
        "categoryKey": "string",
        "canRead": true,
        "canWrite": true,
        "canDelete": true,
        "ownerCanRead": true,
        "ownerCanWrite": true,
        "ownerCanDelete": true,
        "isInherited": true,
        "canEditRead": true,
        "canEditWrite": true,
        "canEditDelete": true,
        "ownerCanEditRead": true,
        "ownerCanEditWrite": true,
        "ownerCanEditDelete": true,
        "canEditIsInherited": true,
        "boolean": true,
        "canEditBoolean": true
      }
    ],
    "categories": [
      {
        "key": "string",
        "name": "string",
        "supportsHierarchy": true
      }
    ]
  }
}
  • Returns a collection of ApiClients containing their respective permissions and categories.

POST: /permission/v1/authorization
Parameters, body:

{
  "ownerId": 0,
  "apiKey": "string",
  "permissions": [
    {
      "objectId": 0,
      "name": "string",
      "title": "string",
      "key": "string",
      "parentId": 0,
      "objectType": 0,
      "ownerId": 0,
      "ownerType": 0,
      "categoryKey": "string",
      "canRead": true,
      "canWrite": true,
      "canDelete": true,
      "ownerCanRead": true,
      "ownerCanWrite": true,
      "ownerCanDelete": true,
      "isInherited": true,
      "canEditRead": true,
      "canEditWrite": true,
      "canEditDelete": true,
      "ownerCanEditRead": true,
      "ownerCanEditWrite": true,
      "ownerCanEditDelete": true,
      "canEditIsInherited": true,
      "boolean": true,
      "canEditBoolean": true
    }
  ]
}
  • ownerId: Owner ID.
  • apiKey: ApiClient key.
  • permissions: Owner whitelist.