Is there an API scope which covers operations relating to groups?

mattdm · December 23, 2022, 1:03am

I am making a bot which syncs our SSO group information into Discourse when that information changes in our directory service. There is a granular API scope for user operations, but there doesn’t seem to be one for groups. Am I just overlooking it?

not-ethan · December 23, 2022, 1:30am

If I understand correctly you want an API scope for adding and removing users to groups. There is one for adding users and removing users.

mattdm · December 23, 2022, 1:49am

Sorry, let expand. I know about those API endpoints. What I want is to generate an API key that had the permissions to do those things (and nothing else).

not-ethan · December 23, 2022, 1:57am

I do not see an API endpoint to do that in the docs.

mattdm · December 26, 2022, 11:12pm

The docs do not really cover the API scopes. You can find them when you create a new API key on your site, and choose Scope: Granular.

sam · February 12, 2023, 7:57pm

Are you looking for something like “manage groups” (optional group id)?

This scope would allow you to add and remove users from a group

mattdm · February 12, 2023, 8:23pm

Yeah, exactly. Basically, checkboxes corresponding to the API endpoints documented at https://docs.discourse.org/#tag/Groups

roughly analogous to

The thing you said — add and remove group members — is probably the most important. (I can possibly see some value in separating those, but I don’t think I care for our purposes.) That presumably would also include “List group members” for groups that might not be public.

The next-most important thing is Create / Delete / Update — I think for our initial use, though, we’ll rely on manually created groups (and ignore SSO groups which don’t have a Discourse equivalent).

Thank you!

sam · February 12, 2023, 10:06pm

Yeah… feels like we are describing 2 scopes here:

Manage groups (optional group id) - allows you to add / remove / set group owners / list
Administer groups - allows you to create/delete and manage groups.

We can certainly get this done some time in the next month, it is not too huge.

Adding an internal tag to track it. Sounds good?

mattdm · February 12, 2023, 11:42pm

Sounds perfect — thanks!

blake · March 10, 2023, 6:54pm

The API scopes have been added for managing and administering groups:

I believe I already followed up elsewhere, but just closing the loop on this topic.

blake · March 10, 2023, 6:54pm