Restricted Scope

Entities that are Restrictable will have a restricted scope defined. This scope is applied on every base query our endpoints provide.

When requesting data from the intratool API all queries to Restrictable models will be restricted to the current user.

There are "administration routes" where EntityPermissions are ignored so privileged Users can access the requested content without having the EntityPermission.

Relation

Models provided by the intratool API that are Restrictable will always have a relation key entityPermissions that gives information about permissions attached to the content.

See Query Manipulation to learn how to retrieve this information by requesting our endpoints.

Adding permissions

When creating or updating content by requesting the intratool API you can always add the fieldkey entity_permissions if the model the endpoint grants access to is Restrictable.

The entity_permissions value is expected to be an array with one or more permission definitions. The following structure is expected:

[
  {
    "key": "view",
    "target_entity": "user",
    "target_entity_id": 25
  },
  {
    "key": "view",
    "target_entity": "user",
    "target_entity_id": 26
  }
]