diff --git a/README.md b/README.md index 6526227..da3f1bd 100644 --- a/README.md +++ b/README.md @@ -114,7 +114,7 @@ POST `/api/admin/user/delete` Data ``` { - "userName": "" + "userName": "example_username" } ``` @@ -126,17 +126,38 @@ POST `/api/login` Data ``` { - "username": "", - "password": "" + "username": "example_username", + "password": "example_password" } ``` This API call will return a JWT token that must be present for any other API calls to succeed. The validity duration of this token is based on the configured TOKEN_HOUR_LIFESPAN value. JWT token is returned as value of `access_token`, and must be supplied via a HTTP header in the form `"Authorization: Bearer "` for all subsequent API calls. +### Role Operations + #### List Roles GET `/api/admin/roles` This operation can only be performed by a user with a role that is admin enabled. Lists currently defined roles. +#### Create Role +POST `/api/admin/role/add` + +Data +``` +{ + "roleName":"example role", + "readOnly":true, + "Admin":false, + "LdapGroup":"CN=smt_users,OU=Groups,DC=example,DC=com" +} +``` + +This operation can only be performed by a user with a role that is admin enabled. Creates a new role. Can be read only, or admin enabled, or map to an LDAP group if LDAP integration is being used. + +Users allocated to this role will only be able to access secrets that are part of this role. The exception being users in a role with admin enabled; any user in an admin enabled role can access all secrets. + +Ldap group must be specified via the full distinguishedName. The simplest way to get this information is to run the command `dsquery group -name ` from a windows machine. + #### List Users GET `/api/admin/users` diff --git a/www/favicon-16x16.png b/www/favicon-16x16.png new file mode 100644 index 0000000..b51a1dd Binary files /dev/null and b/www/favicon-16x16.png differ 
diff --git a/www/favicon-32x32.png b/www/favicon-32x32.png new file mode 100644 index 0000000..fc1c3d5 Binary files /dev/null and b/www/favicon-32x32.png differ diff --git a/www/favicon.ico b/www/favicon.ico new file mode 100644 index 0000000..7dea049 Binary files /dev/null and b/www/favicon.ico differ
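Review bot: In the README.md hunk at `@@ -114,7 +114,7 @@`, the delete example uses the key `"userName"`, while the `/api/login` example in the next hunk uses `"username"`. Now that the examples carry copy-pasteable values, confirm which spelling each endpoint actually binds, then either align the two or state the difference next to the example. If the handlers match keys case-sensitively, a request copied from the wrong example would not carry the intended user name.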
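Review bot: In the README.md hunk at `@@ -126,17 +126,38 @@`, the Create Role example mixes key casing: `"roleName"` and `"readOnly"` are camelCase while `"Admin"` and `"LdapGroup"` are capitalised. Confirm these match what the handler binds and note it in the text, since a miscased `readOnly` or `Admin` key on a role definition is easy to overlook. The description "Can be read only, or admin enabled, or map to an LDAP group" does not say whether these settings can be combined or which takes effect when `readOnly` and `Admin` are both true; state that explicitly, given that the next paragraph says admin enabled roles can access all secrets. The added `dsquery group -name ` command ends without a group-name placeholder, and "Ldap" and "windows" in that paragraph should read "LDAP" and "Windows".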