REST API New Role: Is there a central list of of rawPermissions combinations?

Your software
My Mautic version is: 4.4.1
My PHP version is: 8.0.x
My Database type and version is: Mysql 8.x

Your problem
Hi Mautic community!

When creating new roles using the REST API endpoint /api/roles/new we must pass in the rawPermissions property.

rawPermissions is a representation of a multidimensional array somewhat like this:

$rawPermissions = array(
    'email:emails' => array('viewown', 'viewother', 'editown', 'editother'),
    // TODO: Must list all of the actual permissions in the rawPermissions array. Where to get the list?

Is there a central place where we can find a table of all of the multidimensional permission combinations to select from for inclusion in a new role’s rawPermissions array?

Yes we can see the role Permissions checkboxes in the Mautic UI, but I’m looking for the actual strings and array combinations to use in the API request.

The Mautic code base contains snippets like this scattered across maybe 100 files:

'edit'   => $security->hasEntityAccess('lead:leads:editown', 'lead:leads:editother', $lead->getPermissionUser()),

Is working through all of those files our only option?

Thanks in advance for your help Mautic community!

If you inspect source on page /roles/edit/ you can quickly recognize the pattern. Even though you actually have to inspect the html source, I think this is as complete list as it gets :slight_smile:

Thx @mzagmajster , yes that was my first thought too :+1:

But instead of an html form with the pattern obvious in the input names etc, it seems to be all dynamically templated in javascript with only the top level options visible in the html source and the rest buried somewhere in bundled and chunked js files.

Perhaps I am I looking in the wrong place in my browser’s dev tools?

Hi, I mean it looks pretty clear to me. You have a checkbox with data-permission attribute which specifies the namespace. That same checkbox holds value you place in an array above (as you did for email:emails). Am I miss understanding the requirement here?


Another way to go is to mark all permissions you need in UI and then select newly created role in database.

SELECT readable_permissions FROM roles WHERE name = 'test';

You can deserialize an array and I think you can use it in your api request as it appears it has the same format as your code above.

Hmmm, yes that’s clear but it isn’t what I was seeing - I can see that I was looking in the wrong place in the code (it was 3am to be fair) - thx for pointing that out.

Still a bit painful though…be great if this could be added to the API documentation. I’ll post it up if I find time to extract this list.

Yeah I thought of doing that too, probably the way I’ll go actually.

thx @mzagmajster :+1: