I am making a bot which syncs our SSO group information into Discourse when that information changes in our directory service. There is a granular API scope for user operations, but there doesn’t seem to be one for groups. Am I just overlooking it?
If I understand correctly you want an API scope for adding and removing users to groups. There is one for adding users and removing users.
Sorry, let expand. I know about those API endpoints. What I want is to generate an API key that had the permissions to do those things (and nothing else).
I do not see an API endpoint to do that in the docs.
The docs do not really cover the API scopes. You can find them when you create a new API key on your site, and choose Scope: Granular.
Are you looking for something like “manage groups” (optional group id)?
This scope would allow you to add and remove users from a group
Yeah, exactly. Basically, checkboxes corresponding to the API endpoints documented at https://docs.discourse.org/#tag/Groups
roughly analogous to
The thing you said — add and remove group members — is probably the most important. (I can possibly see some value in separating those, but I don’t think I care for our purposes.) That presumably would also include “List group members” for groups that might not be public.
The next-most important thing is Create / Delete / Update — I think for our initial use, though, we’ll rely on manually created groups (and ignore SSO groups which don’t have a Discourse equivalent).
Yeah… feels like we are describing 2 scopes here:
Manage groups (optional group id) - allows you to add / remove / set group owners / list
Administer groups - allows you to create/delete and manage groups.
We can certainly get this done some time in the next month, it is not too huge.
Adding an internal tag to track it. Sounds good?
Sounds perfect — thanks!
The API scopes have been added for managing and administering groups:
I believe I already followed up elsewhere, but just closing the loop on this topic.