{"id":23122805,"url":"https://github.com/folio-org/mod-permissions","last_synced_at":"2025-08-17T03:30:57.011Z","repository":{"id":20797529,"uuid":"89534120","full_name":"folio-org/mod-permissions","owner":"folio-org","description":"Module to handle permissions and permissions/user associations","archived":false,"fork":false,"pushed_at":"2024-03-20T19:52:51.000Z","size":964,"stargazers_count":4,"open_issues_count":0,"forks_count":1,"subscribers_count":18,"default_branch":"master","last_synced_at":"2024-04-14T14:05:22.779Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/folio-org.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-04-26T23:02:42.000Z","updated_at":"2024-04-14T14:05:22.780Z","dependencies_parsed_at":"2023-01-11T20:59:05.395Z","dependency_job_id":null,"html_url":"https://github.com/folio-org/mod-permissions","commit_stats":null,"previous_names":[],"tags_count":44,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/folio-org%2Fmod-permissions","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/folio-org%2Fmod-permissions/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/folio-org%2Fmod-permissions/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/folio-org%2Fmod-permissions/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/folio-org","download_url":"https://codeload.github.com/folio-org/mod-permissions/tar.gz/refs/heads/master"
,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230080775,"owners_count":18169619,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-17T07:30:33.748Z","updated_at":"2025-08-17T03:30:57.002Z","avatar_url":"https://github.com/folio-org.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# mod-permissions\n\nCopyright (C) 2016-2025 The Open Library Foundation\n\nThis software is distributed under the terms of the Apache License,\nVersion 2.0. See the file \"[LICENSE](LICENSE)\" for more information.\n\n## Introduction\n\nThis module stores permissions and associations between permissions and users.\nIt also maintains a hierarchy of permissions and sub-permissions, allowing for\npermissions to act as roles, rather than simple bits. It is used primarily by\nthe Authtoken module, though it is possible that some Authentication\nimplementations may have reason to make calls to the Permissions module as well.\n\nThere are two types of permissions:\n\n*  Immutable permissions that are defined in module descriptors. When modules\n   are enabled for a tenant, they are passed from Okapi to mod-permissions via\n   the [tenantPermissions](ramls/tenantPermissions.raml) interface.\n\n*  Mutable, User-defined, permissions that any module can manage if they\n   have permissions to do so. This is part of the\n   [permissions](ramls/permissions.raml) interface.\n\nMod-permission also has the notion of users and permissions associated\nwith them. 
The `/perms/users` API has two user identifiers:\n`id` and `userId`. `id` is the mod-permissions identifier for the user\nwhile `userId` points to the `id` field of the mod-users `/users` API.\nHaving the two is confusing; they could be the same.\nUser management is also part of the\n[permissions](ramls/permissions.raml) interface.\n\nAs for any module in FOLIO, normal permission restrictions apply: either\nthe user must have permissions to access an interface or the modulePermissions\nincludes it for the request.\n\nOn top of that, and to prevent users from getting arbitrary permissions,\nthere are further restrictions on permissions that can be assigned to a user.\n\nThis was introduced in mod-permissions version 6.0.0.\n\nThe restrictions work as follows:\n\n1. If auth is disabled for the tenant where permissions are added, the operation\nis allowed.\n\n2. If the module permissions or the operating user permissions contain the permission\nto be granted for a user, the operation is allowed.\n\n3. If the new permission name is `perms.users.assign.okapi` or starts with\n`okapi.` and neither the operating user permissions nor the module permissions\ncontain `perms.users.assign.okapi`, the operation is denied.\n\n4. If the new permission is mutable and neither the operating user permissions nor the module\npermissions contain `perms.users.assign.immutable`, the operation\nis denied.\n\n5. If the new permission is immutable and neither the operating user permissions nor the\nmodule permissions contain `perms.users.assign.mutable`, the\noperation is denied.\n\n6. 
Otherwise, the operation is allowed.\n\n## Additional information\n\nThe [Permission documentation in the Okapi guide](https://github.com/folio-org/okapi/blob/master/doc/guide.md#permissions-and-the-_tenantpermissions-interface)\ncovers in particular the \"replaces\" feature.\n\nThe [raml-module-builder](https://github.com/folio-org/raml-module-builder)\nframework.\n\nOther [modules](https://dev.folio.org/source-code/#server-side).\n\nOther FOLIO Developer documentation is at\n[dev.folio.org](https://dev.folio.org/).\n\n### Issue tracker\n\nSee project [MODPERMS](https://issues.folio.org/browse/MODPERMS)\nat the [FOLIO issue tracker](https://dev.folio.org/guidelines/issue-tracker).\n\n### ModuleDescriptor\n\nSee the [ModuleDescriptor.json](descriptors/ModuleDescriptor-template.json)\nfor the interfaces that this module requires and provides, the permissions,\nand the additional module metadata.\n\n### API documentation\n\nThis module's\n[API documentation](https://dev.folio.org/reference/api/#mod-permissions).\n\n### Code analysis\n\n[SonarQube analysis](https://sonarcloud.io/dashboard?id=org.folio%3Amod-permissions).\n\n### Download and configuration\n\nThe built artifacts for this module are available.\nSee [configuration](https://dev.folio.org/download/artifacts) for repository\naccess, and the\n[Docker image](https://hub.docker.com/r/folioorg/mod-permissions/).\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffolio-org%2Fmod-permissions","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffolio-org%2Fmod-permissions","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffolio-org%2Fmod-permissions/lists"}