How to add user permissions via the API?

Hi, I followed this comment to create a script that creates users in batch:

It works perfectly!
(albeit it’s a bit slow, specially when you need to create 100+ users!!)

Now, I would prefer not to have to manually set the permissions for all those users.
I see from this comment (Uploading users in bulk in Django - #8 by Josh), that you can set the 'add_submissions' permission if you retrieve the project uid, however:

  1. How do you retrieve a project UID without having to first submit dummy data and check in the saved data?
  2. Is is possible to POST the permission/user id/project id to an endpoint? What would be the syntax for that?

It looks like there is an API permission endpoint (kpi/kpi/serializers/v2/permission.py at 7c3ddb774884f8e7bddeb5236f91ae45a054daf7 · kobotoolbox/kpi · GitHub), however I’m not sure how to access that, and in which version of kobotoolbox it’s available.

Thank you again for this amazing app.

1 Like

Hi @paperSheet,

Regarding your points:

  1. You don’t need to have dummy data to retrieve project UIDs, you just need to have deployed projects :+1:
  2. Yes. You can refer to the documentation here:
https://[kf_url]/api/v2/assets/[asset_uid]/permission-assignments/

I would recommend opening the Network tab in your browser as you perform actions in the UI to see which endpoints are called and what data is sent/received :slightly_smiling_face:

1 Like

Hello @Josh,

Thanks for your answer.
Indeed for 1., I see that in the URL you can see the UID, and copy it from there : https://kf.mydomain.com/#/forms/**_aiSQbTFHeDFQbcHuJLmZnH_**/landing

However, the link posted in 2. points to " Not Found The requested resource was not found on this server.".

I would recommend opening the Network tab in your browser as you perform actions in the UI to see which endpoints are called and what data is sent/received

Will do!

Hi @paperSheet, yes sorry about link — I’ve edited the post above :point_up: (just replace the kf_url and asset_uid with yours)

1 Like

Ok so I followed the instructions written on https://kf.mydomain.com/api/v2/assets/aiSQbTFHeDFQbcHuJLmZnH/permission-assignments/, however when I POST the following payload:

[
    {
        'user': 'https://kf.mydomain.com/api/v2/users/user93/',
        'permission': 'https://kf.mydomain.com/api/v2/permissions/add_submissions/'
    }
]

using the following headers:

{
    'Authorization': 'Token <secret token>'
}

to https://kf.mydomain.com/api/v2/assets/aiSQbTFHeDFQbcHuJLmZnH/permission-assignments/bulk/, I get a 403 Forbidden Error with {"detail":"Invalid token."}.

What I don’t get is that I use the exact same authorization token for creating users, and it works there.
Would you know how to fix that?

Hi @paperSheet, you need to ensure that the token being used is one that has sufficient permissions already to give additional permissions to other accounts. For example, the owner of a project can add another user to that project, but that user can’t add themselves.

1 Like

Hi @paperSheet, here’s a walk-through on adding permissions via the API:

2 Likes