UNPKG

@agility/management-sdk

Version:
280 lines (239 loc) 10.4 kB
# Agility CMS & Management API TypeScript SDK ## ServerUserMethods This class provides server-level user management operations for Agility CMS. These methods handle user accounts at the server level, which is different from instance-level users and provides broader administrative capabilities. **Important Notes:** - Server user methods typically require server-level administrative privileges - These operations affect user accounts across multiple instances - Server users have elevated permissions compared to instance users - Server user management is typically used for system administration - Changes to server users may affect access to multiple instances ### Function List - [me](#me) - Retrieves current server user information - [you](#you) - Retrieves specific server user information --- ### me Retrieves current authenticated server user information. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `guid` | `string` | Yes | Current website GUID | **Returns:** `ServerUser` - Complete server user object with roles and permissions **Usage Example:** ```typescript const serverUser = await apiClient.serverUserMethods.me(guid); console.log(`Server User: ${serverUser.firstName} ${serverUser.lastName}`); console.log(`Email: ${serverUser.emailAddress}`); console.log(`Role: ${serverUser.roleName}`); console.log(`Status: ${serverUser.isActive ? 'Active' : 'Inactive'}`); console.log(`Last Login: ${serverUser.lastLoginDate}`); console.log(`Created: ${serverUser.createdDate}`); // Check server-level permissions if (serverUser.permissions && serverUser.permissions.length > 0) { console.log('Server permissions:'); serverUser.permissions.forEach(permission => { console.log(` - ${permission}`); }); } else { console.log('User has no specific server permissions assigned'); } // Check if user is a server administrator const isServerAdmin = serverUser.roleName === 'Server Administrator' || serverUser.roleName === 'System Administrator'; console.log(`Is Server Administrator: ${isServerAdmin}`); // Display instance access if (serverUser.instanceAccess && serverUser.instanceAccess.length > 0) { console.log('Instance access:'); serverUser.instanceAccess.forEach(access => { console.log(` - Instance: ${access.instanceName} (${access.role})`); }); } else { console.log('User has no instance access assigned'); } ``` **Response Properties:** The `ServerUser` object includes: - `userID`: Unique identifier for the server user - `firstName`: User's first name - `lastName`: User's last name - `emailAddress`: User's email address - `roleName`: The user's server-level role - `isActive`: Whether the user account is active - `lastLoginDate`: Date of the user's last login - `createdDate`: Date the user account was created - `permissions`: Array of server-level permissions - `instanceAccess`: Array of instance access configurations **Server User Roles:** Common server-level roles include: - `Server Administrator`: Full server-level access - `System Administrator`: Complete system control - `Instance Manager`: Can manage multiple instances - `Support User`: Limited access for support purposes **Error Handling:** - Throws `Exception` when server user not found - Throws `Exception` when insufficient permissions to view server user details ### you Retrieves specific server user information by server user ID. | Parameter | Type | Required | Description | |-----------|------|----------|-------------| | `guid` | `string` | Yes | Current website GUID | | `serverUserID` | `number` | Yes | The server user ID to retrieve | **Returns:** `any` - Server user information and data **Usage Example:** ```typescript // Create a new server user const newServerUser = { firstName: 'John', lastName: 'Admin', emailAddress: 'john.admin@company.com', roleName: 'Server Administrator', isActive: true, password: 'SecureServerPassword123!', // Only required for new users permissions: [ 'server.read', 'server.write', 'instance.create', 'instance.manage' ], instanceAccess: [ { instanceGUID: 'instance-guid-1', instanceName: 'Production Instance', role: 'Administrator' }, { instanceGUID: 'instance-guid-2', instanceName: 'Staging Instance', role: 'Editor' } ] }; const savedServerUser = await apiClient.serverUserMethods.saveServerUser( newServerUser, guid ); console.log('Server user created with ID:', savedServerUser.userID); // Update existing server user const existingServerUser = await apiClient.serverUserMethods.getServerUser(123, guid); existingServerUser.firstName = 'Jane'; existingServerUser.roleName = 'Instance Manager'; existingServerUser.isActive = true; // Add new instance access existingServerUser.instanceAccess.push({ instanceGUID: 'new-instance-guid', instanceName: 'New Instance', role: 'Publisher' }); const updatedServerUser = await apiClient.serverUserMethods.saveServerUser( existingServerUser, guid ); console.log('Server user updated:', updatedServerUser.emailAddress); // Grant server-level permissions const grantServerPermissions = async (userID, permissions) => { const user = await apiClient.serverUserMethods.getServerUser(userID, guid); user.permissions = [...new Set([...user.permissions, ...permissions])]; return await apiClient.serverUserMethods.saveServerUser(user, guid); }; // Promote user to server administrator const promoteToServerAdmin = async (userID) => { const user = await apiClient.serverUserMethods.getServerUser(userID, guid); user.roleName = 'Server Administrator'; user.permissions = [ 'server.read', 'server.write', 'instance.create', 'instance.manage', 'user.manage' ]; return await apiClient.serverUserMethods.saveServerUser(user, guid); }; // Manage instance access const updateInstanceAccess = async (userID, instanceGUID, role) => { const user = await apiClient.serverUserMethods.getServerUser(userID, guid); // Find existing access or create new const existingAccess = user.instanceAccess.find( access => access.instanceGUID === instanceGUID ); if (existingAccess) { existingAccess.role = role; } else { user.instanceAccess.push({ instanceGUID: instanceGUID, instanceName: 'Instance Name', // You'd get this from instance details role: role }); } return await apiClient.serverUserMethods.saveServerUser(user, guid); }; ``` **Server User Structure:** ```typescript interface ServerUser { userID?: number; // Auto-generated for new users firstName: string; // User's first name (required) lastName: string; // User's last name (required) emailAddress: string; // User's email address (required, unique) roleName: string; // Server-level role (required) isActive: boolean; // Whether the account is active password?: string; // Required for new users only permissions: string[]; // Array of server-level permissions instanceAccess: InstanceAccess[]; // Array of instance access configurations lastLoginDate?: string; // Auto-generated createdDate?: string; // Auto-generated } interface InstanceAccess { instanceGUID: string; // Instance identifier instanceName: string; // Human-readable instance name role: string; // Role within that instance } ``` **Server-Level Permissions:** Common server permissions include: - `server.read`: Read server configuration - `server.write`: Modify server configuration - `instance.create`: Create new instances - `instance.manage`: Manage existing instances - `user.manage`: Manage server users - `system.admin`: Full system administration **Instance Access Configuration:** - Each server user can have access to multiple instances - Access is granted with specific roles per instance - Instance access can be managed independently of server-level permissions - Common instance roles: Administrator, Editor, Publisher, Contributor **Validation Rules:** - `emailAddress` must be unique across all server users - `password` is required for new users (not needed for updates) - `firstName` and `lastName` are required - `roleName` must be a valid server-level role - `instanceAccess` entries must reference valid instances **Error Handling:** - Throws `Exception` when validation fails (duplicate email, invalid role, etc.) - Throws `Exception` when save operation fails - Throws `Exception` when insufficient permissions to create/update server users - Throws `Exception` when instance access references invalid instances **Security Considerations:** - Server user operations require the highest level of permissions - Changes to server users can affect multiple instances - Always validate instance access before granting permissions - Consider using role-based access control for server users - Monitor server user activity for security compliance **Best Practices:** - Use principle of least privilege when assigning server permissions - Regularly review and audit server user accounts - Implement strong password policies for server users - Deactivate unused server user accounts - Log all server user management activities --- ## Navigation - [← Back to Main Documentation](../README.md) - [Authentication & Setup](./auth.md) - [Multi-Instance Operations](./multi-instance-operations.md) - [AssetMethods](./asset-methods.md) - [BatchMethods](./batch-methods.md) - [ContainerMethods](./container-methods.md) - [ContentMethods](./content-methods.md) - [InstanceMethods](./instance-methods.md) - [InstanceUserMethods](./instance-user-methods.md) - [ModelMethods](./model-methods.md) - [PageMethods](./page-methods.md) - **ServerUserMethods** *(current)* - [WebhookMethods](./webhook-methods.md)