Overview
To get user permissions, you need to list all the user roles and then fetch all the permissions for each role.
Get User Roles
First of all we need to get our API_SECRET_KEY from the dashboard and get the current project_id and env_id
Get User Roles via the API
You can get the user roles by requesting the user API endpoint
https://api.permit.io/v2/facts/{project_id}/{env_id}/users/user_id_or_key
-H 'authorization: Bearer API_SECRET_KEY'
The return user object will look like this:
{
"key": "key@permit.io",
"id": "d084172f638140e7a90622ff8311xxx",
"organization_id": "903ebc2765b848289d6dfbd3c21exxxx",
"project_id": "3c4244c7bcab4c97990e5bc724daxxxx",
"environment_id": "9ba956da646948538efaee4cf10dxxxx",
"associated_tenants": [
{
"tenant": "default",
"roles": [
"board",
"test",
"admin"
],
"status": "active"
}
],
"roles": [
{
"role": "board",
"tenant": "default"
},
{
"role": "test",
"tenant": "default"
},
{
"role": "admin",
"tenant": "default"
}
],
"email": "test@gmail.com",
"first_name": "",
"last_name": "",
"attributes": {}
}
get users with a key or email
curl 'https://api.permit.io/v2/facts/{project_id}/{env_id}/users?search=key@permit.io&page=1&per_page=3' \
-H 'authorization: Bearer API_SECRET_KEY'
The return user object will look like this:
{
"data": [
{
"key": "key@permit.io",
"id": "445ed9ff1bc94caf8bcf686ea3eexxxx",
"organization_id": "903ebc2765b848289d6dfbd3c21exxxx",
"project_id": "3c4244c7bcab4c97990e5bc724daxxxx",
"environment_id": "9ba956da646948538efaee4cf10dxxxx",
"associated_tenants": [
{
"tenant": "sample_tenant",
"roles": [
"board"
],
"status": "active"
}
],
"roles": [
{
"role": "board",
"tenant": "sample_tenant"
}
],
"email": "email@permit.io",
"first_name": "",
"last_name": "",
"attributes": null
}
],
"total_count": 1,
"page_count": 1
}
You can also get users per tenant
Replace tenant_id with your tenant id if you don't use tenants use default instead
curl 'https://api.permit.io/v2/facts/{project_id}/{env_id}/tenants/tenant_id/users?search=key@permit.io&page=1&per_page=3' \
-H 'authorization: Bearer API_SECRET_KEY'
The return user object will look like this:
{
"data": [
{
"key": "key@permit.io",
"id": "d084172f638140e7a90622ff8311xxx",
"organization_id": "903ebc2765b848289d6dfbd3c21exxxx",
"project_id": "3c4244c7bcab4c97990e5bc724daxxxx",
"environment_id": "9ba956da646948538efaee4cf10dxxxx",
"associated_tenants": [
{
"tenant": "default",
"roles": [
"board",
"test",
"admin"
],
"status": "active"
}
],
"roles": [
{
"role": "board",
"tenant": "default"
},
{
"role": "test",
"tenant": "default"
},
{
"role": "admin",
"tenant": "default"
}
],
"email": "test@gmail.com",
"first_name": "",
"last_name": "",
"attributes": {}
}
],
"total_count": 1,
"page_count": 1
}
Get Role Permissions
Now that we have the user roles, we can get the permissions for each role.
To get the permissions for all the user roles (note that user can have multiple roles) we need to list all the permissions for each role.
Replace role_id_or_key with your role id or key that you got from the previous step (E.G admin, board, etc...).
curl 'https://api.permit.io/v2/schema/{project_id}/{env_id}/roles/role_id_or_key' \
-H 'authorization: Bearer API_SECRET_KEY'
The return role object will look like this:
{
"name": "board",
"description": "",
"permissions": [
"user:delete",
"document:create",
"file:create",
"user:read",
"user:login",
"file:read",
"user:update",
"user:get",
"user:create"
],
"attributes": null,
"extends": [],
"granted_to": null,
"key": "board",
"id": "d611591f8f51421aa6877e2aeb6909a8",
"organization_id": "903ebc2765b848289d6dfbd3c21e392b",
"project_id": "3c4244c7bcab4c97990e5bc724dafe85",
"environment_id": "9ba956da646948538efaee4cf10d1815",
"created_at": "2023-03-09T12:33:18+00:00",
"updated_at": "2023-03-09T12:33:18+00:00"
}
Remove duplicates and get the final list of permitted roles.