@epilot/sdk 2.0.3 → 2.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (202) hide show
  1. package/definitions/access-token-runtime.json +1 -0
  2. package/definitions/access-token.json +663 -0
  3. package/definitions/address-runtime.json +1 -0
  4. package/definitions/address-suggestions-runtime.json +1 -0
  5. package/definitions/address-suggestions.json +582 -0
  6. package/definitions/address.json +578 -0
  7. package/definitions/ai-agents-runtime.json +1 -0
  8. package/definitions/ai-agents.json +1711 -0
  9. package/definitions/app-runtime.json +1 -0
  10. package/definitions/app.json +4443 -0
  11. package/definitions/audit-logs-runtime.json +1 -0
  12. package/definitions/audit-logs.json +305 -0
  13. package/definitions/automation-runtime.json +1 -0
  14. package/definitions/automation.json +4850 -0
  15. package/definitions/billing-runtime.json +1 -0
  16. package/definitions/billing.json +837 -0
  17. package/definitions/blueprint-manifest-runtime.json +1 -0
  18. package/definitions/blueprint-manifest.json +3376 -0
  19. package/definitions/consent-runtime.json +1 -0
  20. package/definitions/consent.json +344 -0
  21. package/definitions/customer-portal-runtime.json +1 -0
  22. package/definitions/customer-portal.json +15000 -0
  23. package/definitions/dashboard-runtime.json +1 -0
  24. package/definitions/dashboard.json +484 -0
  25. package/definitions/data-management-runtime.json +1 -0
  26. package/definitions/data-management.json +962 -0
  27. package/definitions/deduplication-runtime.json +1 -0
  28. package/definitions/deduplication.json +183 -0
  29. package/definitions/design-runtime.json +1 -0
  30. package/definitions/design.json +1423 -0
  31. package/definitions/document-runtime.json +1 -0
  32. package/definitions/document.json +758 -0
  33. package/definitions/email-settings-runtime.json +1 -0
  34. package/definitions/email-settings.json +2627 -0
  35. package/definitions/email-template-runtime.json +1 -0
  36. package/definitions/email-template.json +1419 -0
  37. package/definitions/entity-mapping-runtime.json +1 -0
  38. package/definitions/entity-mapping.json +1642 -0
  39. package/definitions/entity-runtime.json +1 -0
  40. package/definitions/entity.json +10074 -0
  41. package/definitions/environments-runtime.json +1 -0
  42. package/definitions/environments.json +363 -0
  43. package/definitions/erp-integration-runtime.json +1 -0
  44. package/definitions/erp-integration.json +5845 -0
  45. package/definitions/event-catalog-runtime.json +1 -0
  46. package/definitions/event-catalog.json +1051 -0
  47. package/definitions/file-runtime.json +1 -0
  48. package/definitions/file.json +2842 -0
  49. package/definitions/iban-runtime.json +1 -0
  50. package/definitions/iban.json +132 -0
  51. package/definitions/journey-runtime.json +1 -0
  52. package/definitions/journey.json +2341 -0
  53. package/definitions/kanban-runtime.json +1 -0
  54. package/definitions/kanban.json +929 -0
  55. package/definitions/message-runtime.json +1 -0
  56. package/definitions/message.json +2660 -0
  57. package/definitions/metering-runtime.json +1 -0
  58. package/definitions/metering.json +2321 -0
  59. package/definitions/notes-runtime.json +1 -0
  60. package/definitions/notes.json +1531 -0
  61. package/definitions/notification-runtime.json +1 -0
  62. package/definitions/notification.json +1425 -0
  63. package/definitions/organization-runtime.json +1 -0
  64. package/definitions/organization.json +629 -0
  65. package/definitions/partner-directory-runtime.json +1 -0
  66. package/definitions/partner-directory.json +1718 -0
  67. package/definitions/permissions-runtime.json +1 -0
  68. package/definitions/permissions.json +1480 -0
  69. package/definitions/pricing-runtime.json +1 -0
  70. package/definitions/pricing-tier-runtime.json +1 -0
  71. package/definitions/pricing-tier.json +105 -0
  72. package/definitions/pricing.json +9884 -0
  73. package/definitions/purpose-runtime.json +1 -0
  74. package/definitions/purpose.json +524 -0
  75. package/definitions/sandbox-runtime.json +1 -0
  76. package/definitions/sandbox.json +453 -0
  77. package/definitions/submission-runtime.json +1 -0
  78. package/definitions/submission.json +313 -0
  79. package/definitions/targeting-runtime.json +1 -0
  80. package/definitions/targeting.json +1474 -0
  81. package/definitions/template-variables-runtime.json +1 -0
  82. package/definitions/template-variables.json +1408 -0
  83. package/definitions/user-runtime.json +1 -0
  84. package/definitions/user.json +2408 -0
  85. package/definitions/validation-rules-runtime.json +1 -0
  86. package/definitions/validation-rules.json +1491 -0
  87. package/definitions/webhooks-runtime.json +1 -0
  88. package/definitions/webhooks.json +1525 -0
  89. package/definitions/workflow-definition-runtime.json +1 -0
  90. package/definitions/workflow-definition.json +3417 -0
  91. package/definitions/workflow-runtime.json +1 -0
  92. package/definitions/workflow.json +4106 -0
  93. package/dist/apis/access-token.cjs +7 -7
  94. package/dist/apis/access-token.js +1 -1
  95. package/dist/apis/address-suggestions.cjs +7 -7
  96. package/dist/apis/address-suggestions.js +1 -1
  97. package/dist/apis/address.cjs +7 -7
  98. package/dist/apis/address.js +1 -1
  99. package/dist/apis/ai-agents.cjs +7 -7
  100. package/dist/apis/ai-agents.js +1 -1
  101. package/dist/apis/app.cjs +7 -7
  102. package/dist/apis/app.js +1 -1
  103. package/dist/apis/audit-logs.cjs +7 -7
  104. package/dist/apis/audit-logs.js +1 -1
  105. package/dist/apis/automation.cjs +7 -7
  106. package/dist/apis/automation.js +1 -1
  107. package/dist/apis/billing.cjs +7 -7
  108. package/dist/apis/billing.js +1 -1
  109. package/dist/apis/blueprint-manifest.cjs +7 -7
  110. package/dist/apis/blueprint-manifest.js +1 -1
  111. package/dist/apis/consent.cjs +7 -7
  112. package/dist/apis/consent.js +1 -1
  113. package/dist/apis/customer-portal.cjs +7 -7
  114. package/dist/apis/customer-portal.js +1 -1
  115. package/dist/apis/dashboard.cjs +7 -7
  116. package/dist/apis/dashboard.js +1 -1
  117. package/dist/apis/data-management.cjs +7 -7
  118. package/dist/apis/data-management.d.cts +2 -2
  119. package/dist/apis/data-management.d.ts +2 -2
  120. package/dist/apis/data-management.js +1 -1
  121. package/dist/apis/deduplication.cjs +7 -7
  122. package/dist/apis/deduplication.js +1 -1
  123. package/dist/apis/design.cjs +7 -7
  124. package/dist/apis/design.js +1 -1
  125. package/dist/apis/document.cjs +7 -7
  126. package/dist/apis/document.js +1 -1
  127. package/dist/apis/email-settings.cjs +7 -7
  128. package/dist/apis/email-settings.js +1 -1
  129. package/dist/apis/email-template.cjs +7 -7
  130. package/dist/apis/email-template.js +1 -1
  131. package/dist/apis/entity-mapping.cjs +7 -7
  132. package/dist/apis/entity-mapping.js +1 -1
  133. package/dist/apis/entity.cjs +8 -8
  134. package/dist/apis/entity.d.cts +2 -2
  135. package/dist/apis/entity.d.ts +2 -2
  136. package/dist/apis/entity.js +2 -2
  137. package/dist/apis/environments.cjs +7 -7
  138. package/dist/apis/environments.js +1 -1
  139. package/dist/apis/erp-integration.cjs +7 -7
  140. package/dist/apis/erp-integration.js +1 -1
  141. package/dist/apis/event-catalog.cjs +7 -7
  142. package/dist/apis/event-catalog.js +1 -1
  143. package/dist/apis/file.cjs +7 -7
  144. package/dist/apis/file.js +1 -1
  145. package/dist/apis/iban.cjs +7 -7
  146. package/dist/apis/iban.js +1 -1
  147. package/dist/apis/journey.cjs +7 -7
  148. package/dist/apis/journey.js +1 -1
  149. package/dist/apis/kanban.cjs +7 -7
  150. package/dist/apis/kanban.js +1 -1
  151. package/dist/apis/message.cjs +7 -7
  152. package/dist/apis/message.js +1 -1
  153. package/dist/apis/metering.cjs +7 -7
  154. package/dist/apis/metering.js +1 -1
  155. package/dist/apis/notes.cjs +7 -7
  156. package/dist/apis/notes.js +1 -1
  157. package/dist/apis/notification.cjs +7 -7
  158. package/dist/apis/notification.js +1 -1
  159. package/dist/apis/organization.cjs +7 -7
  160. package/dist/apis/organization.js +1 -1
  161. package/dist/apis/partner-directory.cjs +7 -7
  162. package/dist/apis/partner-directory.js +1 -1
  163. package/dist/apis/permissions.cjs +7 -7
  164. package/dist/apis/permissions.js +1 -1
  165. package/dist/apis/pricing-tier.cjs +7 -7
  166. package/dist/apis/pricing-tier.js +1 -1
  167. package/dist/apis/pricing.cjs +7 -7
  168. package/dist/apis/pricing.js +1 -1
  169. package/dist/apis/purpose.cjs +7 -7
  170. package/dist/apis/purpose.js +1 -1
  171. package/dist/apis/sandbox.cjs +7 -7
  172. package/dist/apis/sandbox.js +1 -1
  173. package/dist/apis/submission.cjs +7 -7
  174. package/dist/apis/submission.js +1 -1
  175. package/dist/apis/targeting.cjs +7 -7
  176. package/dist/apis/targeting.js +1 -1
  177. package/dist/apis/template-variables.cjs +7 -7
  178. package/dist/apis/template-variables.js +1 -1
  179. package/dist/apis/user.cjs +7 -7
  180. package/dist/apis/user.js +1 -1
  181. package/dist/apis/validation-rules.cjs +7 -7
  182. package/dist/apis/validation-rules.js +1 -1
  183. package/dist/apis/webhooks.cjs +7 -7
  184. package/dist/apis/webhooks.js +1 -1
  185. package/dist/apis/workflow-definition.cjs +7 -7
  186. package/dist/apis/workflow-definition.js +1 -1
  187. package/dist/apis/workflow.cjs +7 -7
  188. package/dist/apis/workflow.js +1 -1
  189. package/dist/bin/cli.js +123 -25
  190. package/dist/{chunk-QMQNMCOC.js → chunk-XE25WERA.js} +1 -1
  191. package/dist/{chunk-5LXNSDG2.cjs → chunk-XEQMAKGA.cjs} +1 -1
  192. package/dist/{data-management.d-pnuiRU2h.d.ts → data-management.d-CkDmJwpx.d.cts} +1 -2
  193. package/dist/{data-management.d-pnuiRU2h.d.cts → data-management.d-CkDmJwpx.d.ts} +1 -2
  194. package/dist/{entity.d-CrtZaZr8.d.cts → entity.d-DtiajmaY.d.cts} +292 -10
  195. package/dist/{entity.d-CrtZaZr8.d.ts → entity.d-DtiajmaY.d.ts} +292 -10
  196. package/dist/index.cjs +7 -7
  197. package/dist/index.d.cts +2 -2
  198. package/dist/index.d.ts +2 -2
  199. package/dist/index.js +1 -1
  200. package/dist/js-yaml-UPZKYVRY.js +2645 -0
  201. package/package.json +11 -10
  202. package/LICENSE +0 -21
package/definitions/permissions.json ADDED
@@ -0,0 +1,1480 @@
1
+ {
2
+ "openapi": "3.0.3",
3
+ "info": {
4
+ "title": "Permissions API",
5
+ "version": "1.2.0",
6
+ "description": "Flexible Role-based Access Control for epilot"
7
+ },
8
+ "tags": [
9
+ {
10
+ "name": "Roles",
11
+ "description": "Manage roles and grants"
12
+ },
13
+ {
14
+ "name": "Assignments",
15
+ "description": "Assign roles to users"
16
+ }
17
+ ],
18
+ "security": [
19
+ {
20
+ "EpilotAuth": []
21
+ },
22
+ {
23
+ "EpilotOrg": []
24
+ }
25
+ ],
26
+ "paths": {
27
+ "/v1/permissions/me": {
28
+ "get": {
29
+ "operationId": "listCurrentRoles",
30
+ "summary": "listCurrentRoles",
31
+ "description": "Returns roles and grants assigned to current user",
32
+ "tags": [
33
+ "Roles"
34
+ ],
35
+ "responses": {
36
+ "200": {
37
+ "description": "ok",
38
+ "content": {
39
+ "application/json": {
40
+ "schema": {
41
+ "type": "object",
42
+ "properties": {
43
+ "roles": {
44
+ "type": "array",
45
+ "items": {
46
+ "$ref": "#/components/schemas/Role"
47
+ }
48
+ }
49
+ }
50
+ }
51
+ }
52
+ }
53
+ }
54
+ }
55
+ }
56
+ },
57
+ "/v1/permissions/roles": {
58
+ "get": {
59
+ "operationId": "listAllRoles",
60
+ "summary": "listAllRoles",
61
+ "description": "Returns list of all roles in organization",
62
+ "tags": [
63
+ "Roles"
64
+ ],
65
+ "responses": {
66
+ "200": {
67
+ "description": "ok",
68
+ "content": {
69
+ "application/json": {
70
+ "schema": {
71
+ "type": "object",
72
+ "properties": {
73
+ "roles": {
74
+ "type": "array",
75
+ "items": {
76
+ "$ref": "#/components/schemas/Role"
77
+ }
78
+ }
79
+ }
80
+ }
81
+ }
82
+ }
83
+ }
84
+ }
85
+ },
86
+ "post": {
87
+ "operationId": "createRole",
88
+ "summary": "createRole",
89
+ "description": "Create role",
90
+ "tags": [
91
+ "Roles"
92
+ ],
93
+ "requestBody": {
94
+ "content": {
95
+ "application/json": {
96
+ "schema": {
97
+ "$ref": "#/components/schemas/CreateRolePayload"
98
+ }
99
+ }
100
+ }
101
+ },
102
+ "responses": {
103
+ "200": {
104
+ "description": "ok",
105
+ "content": {
106
+ "application/json": {
107
+ "schema": {
108
+ "$ref": "#/components/schemas/Role"
109
+ }
110
+ }
111
+ }
112
+ },
113
+ "400": {
114
+ "description": "Invalid role configuration",
115
+ "content": {
116
+ "application/json": {
117
+ "schema": {
118
+ "$ref": "#/components/schemas/Error"
119
+ },
120
+ "examples": {
121
+ "parent_role_invalid_type": {
122
+ "summary": "Parent role must be org_role or share_role",
123
+ "value": {
124
+ "message": "Parent role must be org_role or share_role, got user_role"
125
+ }
126
+ },
127
+ "parent_role_different_org": {
128
+ "summary": "Parent org_role must be in the same organization",
129
+ "value": {
130
+ "message": "Parent org_role must be in the same organization"
131
+ }
132
+ },
133
+ "parent_role_max_hierarchy": {
134
+ "summary": "Parent role cannot itself have a parent",
135
+ "value": {
136
+ "message": "Parent role cannot itself have a parent (max 2 levels of hierarchy)"
137
+ }
138
+ },
139
+ "circular_dependency_self": {
140
+ "summary": "Role cannot be its own parent",
141
+ "value": {
142
+ "message": "Role cannot be its own parent"
143
+ }
144
+ },
145
+ "circular_dependency_detected": {
146
+ "summary": "Circular dependency detected",
147
+ "value": {
148
+ "message": "Circular dependency detected: role 123:child would create a cycle"
149
+ }
150
+ }
151
+ }
152
+ }
153
+ }
154
+ },
155
+ "404": {
156
+ "description": "Parent role does not exist",
157
+ "content": {
158
+ "application/json": {
159
+ "schema": {
160
+ "$ref": "#/components/schemas/Error"
161
+ },
162
+ "examples": {
163
+ "parent_role_not_found": {
164
+ "summary": "Parent role does not exist",
165
+ "value": {
166
+ "message": "Parent role 123:nonexistent does not exist"
167
+ }
168
+ }
169
+ }
170
+ }
171
+ }
172
+ }
173
+ }
174
+ }
175
+ },
176
+ "/v1/permissions/roles:search": {
177
+ "post": {
178
+ "operationId": "searchRoles",
179
+ "summary": "searchRoles",
180
+ "description": "Search Roles",
181
+ "tags": [
182
+ "Roles"
183
+ ],
184
+ "requestBody": {
185
+ "content": {
186
+ "application/json": {
187
+ "schema": {
188
+ "$ref": "#/components/schemas/RoleSearchInput"
189
+ }
190
+ }
191
+ }
192
+ },
193
+ "responses": {
194
+ "200": {
195
+ "description": "ok",
196
+ "content": {
197
+ "application/json": {
198
+ "schema": {
199
+ "type": "object",
200
+ "properties": {
201
+ "hits": {
202
+ "type": "number"
203
+ },
204
+ "results": {
205
+ "type": "array",
206
+ "items": {
207
+ "$ref": "#/components/schemas/Role"
208
+ }
209
+ }
210
+ }
211
+ }
212
+ }
213
+ }
214
+ }
215
+ }
216
+ }
217
+ },
218
+ "/v1/permissions/roles/{roleId}": {
219
+ "get": {
220
+ "operationId": "getRole",
221
+ "summary": "getRole",
222
+ "description": "Get role by id",
223
+ "tags": [
224
+ "Roles"
225
+ ],
226
+ "parameters": [
227
+ {
228
+ "name": "roleId",
229
+ "in": "path",
230
+ "required": true,
231
+ "schema": {
232
+ "$ref": "#/components/schemas/RoleId"
233
+ }
234
+ }
235
+ ],
236
+ "responses": {
237
+ "200": {
238
+ "description": "ok",
239
+ "content": {
240
+ "application/json": {
241
+ "schema": {
242
+ "$ref": "#/components/schemas/Role"
243
+ }
244
+ }
245
+ }
246
+ }
247
+ }
248
+ },
249
+ "put": {
250
+ "operationId": "putRole",
251
+ "summary": "putRole",
252
+ "description": "Create or update role",
253
+ "tags": [
254
+ "Roles"
255
+ ],
256
+ "parameters": [
257
+ {
258
+ "name": "roleId",
259
+ "in": "path",
260
+ "required": true,
261
+ "schema": {
262
+ "$ref": "#/components/schemas/RoleId"
263
+ }
264
+ }
265
+ ],
266
+ "requestBody": {
267
+ "content": {
268
+ "application/json": {
269
+ "schema": {
270
+ "$ref": "#/components/schemas/RolePayload"
271
+ },
272
+ "x-examples": {
273
+ "User role: manager": {
274
+ "description": "Example manager role",
275
+ "value": {
276
+ "id": "123:manager",
277
+ "name": "Manager",
278
+ "slug": "manager",
279
+ "type": "user_role",
280
+ "organization_id": "123",
281
+ "grants": [
282
+ {
283
+ "action": "entity:view",
284
+ "resource": "*"
285
+ },
286
+ {
287
+ "action": "entity:update",
288
+ "resource": "*"
289
+ },
290
+ {
291
+ "action": "user:view"
292
+ },
293
+ {
294
+ "action": "user:invite"
295
+ },
296
+ {
297
+ "action": "role:view"
298
+ },
299
+ {
300
+ "action": "role:create"
301
+ },
302
+ {
303
+ "action": "role:assign"
304
+ },
305
+ {
306
+ "action": "entity:view",
307
+ "resource": "file:*",
308
+ "conditions": [
309
+ {
310
+ "attribute": "_tags",
311
+ "operation": "equals",
312
+ "values": [
313
+ "offer",
314
+ "contract"
315
+ ]
316
+ }
317
+ ]
318
+ },
319
+ {
320
+ "action": "message:view",
321
+ "dependencies": [
322
+ {
323
+ "action": "entity:view",
324
+ "resource": "message*"
325
+ },
326
+ {
327
+ "action": "entity:view",
328
+ "resource": "thread*"
329
+ }
330
+ ]
331
+ },
332
+ {
333
+ "action": "message:send",
334
+ "dependencies": [
335
+ {
336
+ "action": "entity:*",
337
+ "resource": "message*"
338
+ },
339
+ {
340
+ "action": "entity:*",
341
+ "resource": "thread*"
342
+ }
343
+ ]
344
+ },
345
+ {
346
+ "action": "workflow:*"
347
+ }
348
+ ]
349
+ }
350
+ },
351
+ "User role: employee": {
352
+ "description": "Example employee role",
353
+ "value": {
354
+ "id": "123:employee",
355
+ "name": "Employee",
356
+ "slug": "employee",
357
+ "type": "user_role",
358
+ "organization_id": "123",
359
+ "grants": [
360
+ {
361
+ "action": "entity:view",
362
+ "resource": "*"
363
+ },
364
+ {
365
+ "action": "entity:update",
366
+ "resource": "*"
367
+ },
368
+ {
369
+ "action": "user:view"
370
+ },
371
+ {
372
+ "action": "message:view",
373
+ "dependencies": [
374
+ {
375
+ "action": "entity:view",
376
+ "resource": "message*"
377
+ },
378
+ {
379
+ "action": "entity:view",
380
+ "resource": "thread*"
381
+ }
382
+ ]
383
+ },
384
+ {
385
+ "action": "message:send",
386
+ "dependencies": [
387
+ {
388
+ "action": "entity:*",
389
+ "resource": "message*"
390
+ },
391
+ {
392
+ "action": "entity:*",
393
+ "resource": "thread*"
394
+ }
395
+ ]
396
+ },
397
+ {
398
+ "action": "workflow:execution:*"
399
+ }
400
+ ]
401
+ }
402
+ },
403
+ "User role: administrator": {
404
+ "description": "Example administrator role",
405
+ "value": {
406
+ "id": "123:administrator",
407
+ "name": "Administrator",
408
+ "slug": "administrator",
409
+ "type": "user_role",
410
+ "organization_id": "123",
411
+ "grants": [
412
+ {
413
+ "action": "*",
414
+ "resource": "*"
415
+ }
416
+ ]
417
+ }
418
+ },
419
+ "Organization root role": {
420
+ "description": "Example organization root role. Must be satisifed for all org queries.",
421
+ "value": {
422
+ "id": "123:root",
423
+ "name": "Organization root role",
424
+ "slug": "root",
425
+ "type": "org_role",
426
+ "organization_id": "123",
427
+ "grants": [
428
+ {
429
+ "action": "*",
430
+ "resource": "*"
431
+ },
432
+ {
433
+ "action": "webhook:*",
434
+ "effect": "deny"
435
+ }
436
+ ]
437
+ }
438
+ },
439
+ "Share role": {
440
+ "description": "Example share role. This can be assigned to users in other organizations",
441
+ "value": {
442
+ "id": "123:example_share_role",
443
+ "name": "Example opportunity share role",
444
+ "slug": "example_share_role",
445
+ "type": "share_role",
446
+ "organization_id": "123",
447
+ "grants": [
448
+ {
449
+ "action": "entity:view",
450
+ "resource": "opportunity:123456"
451
+ },
452
+ {
453
+ "action": "entity:edit",
454
+ "resource": "opportunity:123456"
455
+ },
456
+ {
457
+ "action": "workflow:execution:*"
458
+ },
459
+ {
460
+ "action": "message:*"
461
+ },
462
+ {
463
+ "action": "entity:*",
464
+ "resource": "message*"
465
+ },
466
+ {
467
+ "action": "entity:*",
468
+ "resource": "thread*"
469
+ }
470
+ ]
471
+ }
472
+ },
473
+ "Partner role": {
474
+ "description": "Example partner role. This can be given to a partner organization, who can then assign it to their users",
475
+ "value": {
476
+ "id": "123:example_partner_role",
477
+ "name": "Example opportunity share role",
478
+ "slug": "example_partner_role",
479
+ "type": "partner_role",
480
+ "organization_id": "123",
481
+ "partner_org_id": "456",
482
+ "grants": [
483
+ {
484
+ "action": "entity:view",
485
+ "resource": "opportunity*"
486
+ },
487
+ {
488
+ "action": "entity:edit",
489
+ "resource": "opportunity*"
490
+ },
491
+ {
492
+ "action": "workflow:execution:*"
493
+ },
494
+ {
495
+ "action": "message:*"
496
+ },
497
+ {
498
+ "action": "entity:*",
499
+ "resource": "message*"
500
+ },
501
+ {
502
+ "action": "entity:*",
503
+ "resource": "thread*"
504
+ }
505
+ ]
506
+ }
507
+ },
508
+ "Portal role": {
509
+ "description": "Example portal role. Implicitly used by end users of portals",
510
+ "value": {
511
+ "id": "123:default_end_customer_portal_role",
512
+ "name": "Default End Customer Portal Role",
513
+ "slug": "default_end_customer_portal_role",
514
+ "type": "portal_role",
515
+ "organization_id": "123",
516
+ "grants": [
517
+ {
518
+ "action": "entity:attribute:view",
519
+ "resource": "contact:*/*"
520
+ },
521
+ {
522
+ "action": "entity:edit",
523
+ "resource": "opportunity*"
524
+ }
525
+ ]
526
+ }
527
+ },
528
+ "User role with parent": {
529
+ "description": "Example user role that inherits from a parent role",
530
+ "value": {
531
+ "id": "123:limited_manager",
532
+ "name": "Limited Manager",
533
+ "slug": "limited_manager",
534
+ "type": "user_role",
535
+ "organization_id": "123",
536
+ "parent_role": "123:manager",
537
+ "grants": [
538
+ {
539
+ "action": "entity:view",
540
+ "resource": "contact:*"
541
+ },
542
+ {
543
+ "action": "entity:edit",
544
+ "resource": "contact:*"
545
+ }
546
+ ]
547
+ }
548
+ }
549
+ }
550
+ }
551
+ }
552
+ },
553
+ "responses": {
554
+ "200": {
555
+ "description": "ok",
556
+ "content": {
557
+ "application/json": {
558
+ "schema": {
559
+ "$ref": "#/components/schemas/Role"
560
+ }
561
+ }
562
+ }
563
+ },
564
+ "400": {
565
+ "description": "Bad Request - Invalid role configuration",
566
+ "content": {
567
+ "application/json": {
568
+ "schema": {
569
+ "$ref": "#/components/schemas/Error"
570
+ },
571
+ "examples": {
572
+ "parent_role_invalid_type": {
573
+ "summary": "Parent role must be org_role or share_role",
574
+ "value": {
575
+ "message": "Parent role must be org_role or share_role, got user_role"
576
+ }
577
+ },
578
+ "parent_role_different_org": {
579
+ "summary": "Parent org_role must be in the same organization",
580
+ "value": {
581
+ "message": "Parent org_role must be in the same organization"
582
+ }
583
+ },
584
+ "parent_role_max_hierarchy": {
585
+ "summary": "Parent role cannot itself have a parent",
586
+ "value": {
587
+ "message": "Parent role cannot itself have a parent (max 2 levels of hierarchy)"
588
+ }
589
+ },
590
+ "circular_dependency_self": {
591
+ "summary": "Role cannot be its own parent",
592
+ "value": {
593
+ "message": "Role cannot be its own parent"
594
+ }
595
+ },
596
+ "circular_dependency_detected": {
597
+ "summary": "Circular dependency detected",
598
+ "value": {
599
+ "message": "Circular dependency detected: role 123:child would create a cycle"
600
+ }
601
+ }
602
+ }
603
+ }
604
+ }
605
+ },
606
+ "404": {
607
+ "description": "Not Found - Parent role does not exist",
608
+ "content": {
609
+ "application/json": {
610
+ "schema": {
611
+ "$ref": "#/components/schemas/Error"
612
+ },
613
+ "examples": {
614
+ "parent_role_not_found": {
615
+ "summary": "Parent role does not exist",
616
+ "value": {
617
+ "message": "Parent role 123:nonexistent does not exist"
618
+ }
619
+ }
620
+ }
621
+ }
622
+ }
623
+ }
624
+ }
625
+ },
626
+ "delete": {
627
+ "operationId": "deleteRole",
628
+ "summary": "deleteRole",
629
+ "description": "Delete role by id",
630
+ "tags": [
631
+ "Roles"
632
+ ],
633
+ "parameters": [
634
+ {
635
+ "name": "roleId",
636
+ "in": "path",
637
+ "required": true,
638
+ "schema": {
639
+ "$ref": "#/components/schemas/RoleId"
640
+ }
641
+ }
642
+ ],
643
+ "responses": {
644
+ "200": {
645
+ "description": "ok",
646
+ "content": {
647
+ "application/json": {
648
+ "schema": {
649
+ "$ref": "#/components/schemas/Role"
650
+ }
651
+ }
652
+ }
653
+ }
654
+ }
655
+ }
656
+ },
657
+ "/v1/permissions/refresh": {
658
+ "get": {
659
+ "operationId": "refreshPermissions",
660
+ "summary": "refreshPermissions",
661
+ "description": "Makes sure the user has a role in the organization",
662
+ "tags": [
663
+ "Roles"
664
+ ],
665
+ "responses": {
666
+ "200": {
667
+ "description": "Refreshed succesfully"
668
+ }
669
+ }
670
+ }
671
+ },
672
+ "/v1/permissions/assignments/{userId}": {
673
+ "get": {
674
+ "operationId": "getAssignedRolesForUser",
675
+ "summary": "getAssignedRolesForUser",
676
+ "description": "Get list of assigned roles by user id",
677
+ "tags": [
678
+ "Assignments"
679
+ ],
680
+ "parameters": [
681
+ {
682
+ "name": "userId",
683
+ "in": "path",
684
+ "required": true,
685
+ "schema": {
686
+ "$ref": "#/components/schemas/UserId"
687
+ }
688
+ }
689
+ ],
690
+ "responses": {
691
+ "200": {
692
+ "description": "ok",
693
+ "content": {
694
+ "application/json": {
695
+ "schema": {
696
+ "$ref": "#/components/schemas/Assignments"
697
+ }
698
+ }
699
+ }
700
+ }
701
+ }
702
+ },
703
+ "put": {
704
+ "operationId": "assignRoles",
705
+ "summary": "assignRoles",
706
+ "description": "Assign / unassign roles to users.",
707
+ "tags": [
708
+ "Assignments"
709
+ ],
710
+ "parameters": [
711
+ {
712
+ "name": "userId",
713
+ "in": "path",
714
+ "required": true,
715
+ "schema": {
716
+ "$ref": "#/components/schemas/UserId"
717
+ }
718
+ }
719
+ ],
720
+ "requestBody": {
721
+ "content": {
722
+ "application/json": {
723
+ "schema": {
724
+ "$ref": "#/components/schemas/Assignments"
725
+ }
726
+ }
727
+ }
728
+ },
729
+ "responses": {
730
+ "200": {
731
+ "description": "ok",
732
+ "content": {
733
+ "application/json": {
734
+ "schema": {
735
+ "$ref": "#/components/schemas/Assignments"
736
+ }
737
+ }
738
+ }
739
+ }
740
+ }
741
+ }
742
+ },
743
+ "/v1/permissions/assignments/{userId}/{roleId}": {
744
+ "post": {
745
+ "operationId": "addAssignment",
746
+ "summary": "addAssignment",
747
+ "description": "Assign a user to a role.\n\nUse the `x-epilot-org-id` header to assign share roles to users in other orgs\n",
748
+ "tags": [
749
+ "Assignments"
750
+ ],
751
+ "parameters": [
752
+ {
753
+ "name": "userId",
754
+ "in": "path",
755
+ "required": true,
756
+ "schema": {
757
+ "$ref": "#/components/schemas/UserId"
758
+ }
759
+ },
760
+ {
761
+ "name": "roleId",
762
+ "in": "path",
763
+ "required": true,
764
+ "schema": {
765
+ "$ref": "#/components/schemas/RoleId"
766
+ }
767
+ }
768
+ ],
769
+ "responses": {
770
+ "201": {
771
+ "description": "ok",
772
+ "content": {
773
+ "application/json": {
774
+ "schema": {
775
+ "$ref": "#/components/schemas/Assignment"
776
+ }
777
+ }
778
+ }
779
+ }
780
+ }
781
+ },
782
+ "delete": {
783
+ "operationId": "removeAssignment",
784
+ "summary": "removeAssignment",
785
+ "description": "Remove role assignment from user",
786
+ "tags": [
787
+ "Assignments"
788
+ ],
789
+ "parameters": [
790
+ {
791
+ "name": "userId",
792
+ "in": "path",
793
+ "required": true,
794
+ "schema": {
795
+ "$ref": "#/components/schemas/UserId"
796
+ }
797
+ },
798
+ {
799
+ "name": "roleId",
800
+ "in": "path",
801
+ "required": true,
802
+ "schema": {
803
+ "$ref": "#/components/schemas/RoleId"
804
+ }
805
+ }
806
+ ],
807
+ "responses": {
808
+ "200": {
809
+ "description": "ok",
810
+ "content": {
811
+ "application/json": {
812
+ "schema": {
813
+ "$ref": "#/components/schemas/Assignment"
814
+ }
815
+ }
816
+ }
817
+ }
818
+ }
819
+ }
820
+ },
821
+ "/v1/permissions/assignments": {
822
+ "get": {
823
+ "operationId": "listAllAssignments",
824
+ "summary": "listAllAssignments",
825
+ "description": "Returns list of all assignments in organization",
826
+ "tags": [
827
+ "Assignments"
828
+ ],
829
+ "responses": {
830
+ "200": {
831
+ "description": "ok",
832
+ "content": {
833
+ "application/json": {
834
+ "schema": {
835
+ "type": "object",
836
+ "properties": {
837
+ "assignments": {
838
+ "type": "array",
839
+ "items": {
840
+ "$ref": "#/components/schemas/Assignment"
841
+ }
842
+ }
843
+ }
844
+ }
845
+ }
846
+ }
847
+ }
848
+ }
849
+ }
850
+ }
851
+ },
852
+ "components": {
853
+ "securitySchemes": {
854
+ "EpilotAuth": {
855
+ "type": "http",
856
+ "scheme": "bearer",
857
+ "description": "Authorization header with epilot OAuth2 bearer token",
858
+ "bearerFormat": "JWT"
859
+ },
860
+ "EpilotOrg": {
861
+ "description": "Overrides the target organization to allow shared tenantaccess",
862
+ "name": "x-epilot-org-id",
863
+ "in": "header",
864
+ "type": "apiKey"
865
+ }
866
+ },
867
+ "schemas": {
868
+ "Grant": {
869
+ "type": "object",
870
+ "properties": {
871
+ "action": {
872
+ "type": "string",
873
+ "example": "entity-read"
874
+ },
875
+ "resource": {
876
+ "type": "string",
877
+ "example": "entity:123:contact:f7c22299-ca72-4bca-8538-0a88eeefc947"
878
+ },
879
+ "effect": {
880
+ "type": "string",
881
+ "default": "allow",
882
+ "enum": [
883
+ "allow",
884
+ "deny"
885
+ ]
886
+ },
887
+ "conditions": {
888
+ "type": "array",
889
+ "items": {
890
+ "$ref": "#/components/schemas/GrantCondition"
891
+ }
892
+ }
893
+ },
894
+ "required": [
895
+ "action"
896
+ ]
897
+ },
898
+ "GrantWithDependencies": {
899
+ "allOf": [
900
+ {
901
+ "$ref": "#/components/schemas/Grant"
902
+ },
903
+ {
904
+ "type": "object",
905
+ "properties": {
906
+ "dependencies": {
907
+ "description": "Provided additional dependencies, exploded when storing the role",
908
+ "type": "array",
909
+ "items": {
910
+ "$ref": "#/components/schemas/Grant"
911
+ }
912
+ }
913
+ }
914
+ }
915
+ ]
916
+ },
917
+ "GrantCondition": {
918
+ "allOf": [
919
+ {
920
+ "description": "An additional condition that must be met for the grant",
921
+ "type": "object",
922
+ "required": [
923
+ "operation"
924
+ ]
925
+ },
926
+ {
927
+ "anyOf": [
928
+ {
929
+ "$ref": "#/components/schemas/EqualsCondition"
930
+ }
931
+ ]
932
+ }
933
+ ]
934
+ },
935
+ "EqualsCondition": {
936
+ "description": "Check if attribute equals to any of the values",
937
+ "type": "object",
938
+ "properties": {
939
+ "attribute": {
940
+ "type": "string",
941
+ "example": "workflows.primary.task_name"
942
+ },
943
+ "operation": {
944
+ "type": "string",
945
+ "enum": [
946
+ "equals"
947
+ ]
948
+ },
949
+ "values": {
950
+ "type": "array",
951
+ "items": {
952
+ "example": "Qualification"
953
+ }
954
+ }
955
+ },
956
+ "required": [
957
+ "attribute",
958
+ "operation",
959
+ "values"
960
+ ]
961
+ },
962
+ "RoleId": {
963
+ "type": "string",
964
+ "example": "123:owner",
965
+ "description": "Format: <organization_id>:<slug>"
966
+ },
967
+ "BaseRole": {
968
+ "type": "object",
969
+ "properties": {
970
+ "id": {
971
+ "$ref": "#/components/schemas/RoleId"
972
+ },
973
+ "name": {
974
+ "type": "string",
975
+ "example": "Owner",
976
+ "description": "Human-friendly name for the role"
977
+ },
978
+ "slug": {
979
+ "type": "string",
980
+ "example": "owner",
981
+ "description": "URL-friendly name for the role"
982
+ },
983
+ "type": {
984
+ "type": "string",
985
+ "description": "Type of the role"
986
+ },
987
+ "expires_at": {
988
+ "type": "string",
989
+ "format": "date-time",
990
+ "example": "2028-07-21T17:32:28Z",
991
+ "description": "date and time then the role will expire"
992
+ },
993
+ "organization_id": {
994
+ "$ref": "#/components/schemas/OrganizationId"
995
+ },
996
+ "grants": {
997
+ "type": "array",
998
+ "items": {
999
+ "$ref": "#/components/schemas/Grant"
1000
+ },
1001
+ "description": "List of grants (permissions) applied to the role"
1002
+ }
1003
+ },
1004
+ "required": [
1005
+ "id",
1006
+ "name",
1007
+ "slug",
1008
+ "type",
1009
+ "organization_id",
1010
+ "grants"
1011
+ ]
1012
+ },
1013
+ "BaseRoleForCreate": {
1014
+ "type": "object",
1015
+ "properties": {
1016
+ "id": {
1017
+ "$ref": "#/components/schemas/RoleId"
1018
+ },
1019
+ "name": {
1020
+ "type": "string",
1021
+ "example": "Owner",
1022
+ "description": "Human-friendly name for the role"
1023
+ },
1024
+ "slug": {
1025
+ "type": "string",
1026
+ "example": "owner",
1027
+ "description": "URL-friendly name for the role"
1028
+ },
1029
+ "type": {
1030
+ "type": "string",
1031
+ "description": "Type of the role"
1032
+ },
1033
+ "expires_at": {
1034
+ "type": "string",
1035
+ "format": "date-time",
1036
+ "example": "2028-07-21T17:32:28Z",
1037
+ "description": "date and time then the role will expire"
1038
+ },
1039
+ "organization_id": {
1040
+ "$ref": "#/components/schemas/OrganizationId"
1041
+ },
1042
+ "grants": {
1043
+ "type": "array",
1044
+ "items": {
1045
+ "$ref": "#/components/schemas/Grant"
1046
+ },
1047
+ "description": "List of grants (permissions) applied to the role"
1048
+ }
1049
+ },
1050
+ "required": [
1051
+ "name",
1052
+ "slug",
1053
+ "type",
1054
+ "grants"
1055
+ ]
1056
+ },
1057
+ "UserRole": {
1058
+ "allOf": [
1059
+ {
1060
+ "$ref": "#/components/schemas/BaseRole"
1061
+ },
1062
+ {
1063
+ "description": "A standard user role. Must be explicitly assigned to users.",
1064
+ "properties": {
1065
+ "type": {
1066
+ "enum": [
1067
+ "user_role"
1068
+ ]
1069
+ },
1070
+ "parent_role": {
1071
+ "allOf": [
1072
+ {
1073
+ "$ref": "#/components/schemas/RoleId"
1074
+ },
1075
+ {
1076
+ "description": "Optional parent role that this role inherits from. Must be an `org_role` or `share_role`."
1077
+ }
1078
+ ]
1079
+ }
1080
+ }
1081
+ }
1082
+ ]
1083
+ },
1084
+ "OrgRole": {
1085
+ "allOf": [
1086
+ {
1087
+ "$ref": "#/components/schemas/BaseRole"
1088
+ },
1089
+ {
1090
+ "description": "A role automatically applied to all users in an organization.",
1091
+ "properties": {
1092
+ "type": {
1093
+ "enum": [
1094
+ "org_role"
1095
+ ]
1096
+ },
1097
+ "pricing_tier": {
1098
+ "type": "string",
1099
+ "description": "The pricing tier of the organization this root role is based on",
1100
+ "example": "Professional"
1101
+ }
1102
+ }
1103
+ }
1104
+ ]
1105
+ },
1106
+ "ShareRole": {
1107
+ "allOf": [
1108
+ {
1109
+ "$ref": "#/components/schemas/BaseRole"
1110
+ },
1111
+ {
1112
+ "description": "A role that can be assigned to users in other organizations for sharing purposes.",
1113
+ "properties": {
1114
+ "type": {
1115
+ "enum": [
1116
+ "share_role"
1117
+ ]
1118
+ }
1119
+ }
1120
+ }
1121
+ ]
1122
+ },
1123
+ "PartnerRole": {
1124
+ "allOf": [
1125
+ {
1126
+ "$ref": "#/components/schemas/BaseRole"
1127
+ },
1128
+ {
1129
+ "description": "A role that appears in another organization's role list that can be assigned but not modified by the partner organization.",
1130
+ "properties": {
1131
+ "type": {
1132
+ "enum": [
1133
+ "partner_role"
1134
+ ]
1135
+ },
1136
+ "partner_org_id": {
1137
+ "allOf": [
1138
+ {
1139
+ "description": "Partner organization who can assign this role to their users."
1140
+ },
1141
+ {
1142
+ "$ref": "#/components/schemas/OrganizationId"
1143
+ }
1144
+ ]
1145
+ },
1146
+ "vendor_enforced_user_limit": {
1147
+ "type": "integer",
1148
+ "readOnly": true,
1149
+ "description": "Maximum number of users that can be assigned this role (vendor-enforced limit, can only be set via internal auth)"
1150
+ }
1151
+ }
1152
+ }
1153
+ ]
1154
+ },
1155
+ "PortalRole": {
1156
+ "allOf": [
1157
+ {
1158
+ "$ref": "#/components/schemas/BaseRole"
1159
+ },
1160
+ {
1161
+ "description": "A role that is applied to end customers and installers using the Portals",
1162
+ "properties": {
1163
+ "type": {
1164
+ "enum": [
1165
+ "portal_role"
1166
+ ]
1167
+ }
1168
+ }
1169
+ }
1170
+ ]
1171
+ },
1172
+ "Role": {
1173
+ "oneOf": [
1174
+ {
1175
+ "$ref": "#/components/schemas/UserRole"
1176
+ },
1177
+ {
1178
+ "$ref": "#/components/schemas/OrgRole"
1179
+ },
1180
+ {
1181
+ "$ref": "#/components/schemas/ShareRole"
1182
+ },
1183
+ {
1184
+ "$ref": "#/components/schemas/PartnerRole"
1185
+ },
1186
+ {
1187
+ "$ref": "#/components/schemas/PortalRole"
1188
+ }
1189
+ ]
1190
+ },
1191
+ "RolePayload": {
1192
+ "allOf": [
1193
+ {
1194
+ "properties": {
1195
+ "grants": {
1196
+ "type": "array",
1197
+ "items": {
1198
+ "$ref": "#/components/schemas/GrantWithDependencies"
1199
+ }
1200
+ }
1201
+ }
1202
+ },
1203
+ {
1204
+ "oneOf": [
1205
+ {
1206
+ "$ref": "#/components/schemas/UserRole"
1207
+ },
1208
+ {
1209
+ "$ref": "#/components/schemas/OrgRole"
1210
+ },
1211
+ {
1212
+ "$ref": "#/components/schemas/ShareRole"
1213
+ },
1214
+ {
1215
+ "$ref": "#/components/schemas/PartnerRole"
1216
+ },
1217
+ {
1218
+ "$ref": "#/components/schemas/PortalRole"
1219
+ }
1220
+ ]
1221
+ }
1222
+ ]
1223
+ },
1224
+ "Assignment": {
1225
+ "type": "object",
1226
+ "description": "A role attached to an user",
1227
+ "properties": {
1228
+ "user_id": {
1229
+ "$ref": "#/components/schemas/UserId"
1230
+ },
1231
+ "roles": {
1232
+ "type": "array",
1233
+ "items": {
1234
+ "$ref": "#/components/schemas/RoleId"
1235
+ }
1236
+ }
1237
+ }
1238
+ },
1239
+ "InternalAssignment": {
1240
+ "type": "object",
1241
+ "description": "A role attached to an user",
1242
+ "properties": {
1243
+ "userId": {
1244
+ "$ref": "#/components/schemas/UserId"
1245
+ },
1246
+ "roles": {
1247
+ "type": "array",
1248
+ "items": {
1249
+ "$ref": "#/components/schemas/RoleId"
1250
+ }
1251
+ }
1252
+ }
1253
+ },
1254
+ "OrgAssignments": {
1255
+ "type": "object",
1256
+ "description": "All roles attached to an users of an organization",
1257
+ "properties": {
1258
+ "organizationId": {
1259
+ "$ref": "#/components/schemas/OrganizationId"
1260
+ },
1261
+ "assignments": {
1262
+ "type": "array",
1263
+ "items": {
1264
+ "$ref": "#/components/schemas/InternalAssignment"
1265
+ }
1266
+ }
1267
+ }
1268
+ },
1269
+ "OrgRoles": {
1270
+ "type": "object",
1271
+ "description": "All roles attached to an users of an organization",
1272
+ "properties": {
1273
+ "organizationId": {
1274
+ "$ref": "#/components/schemas/OrganizationId"
1275
+ },
1276
+ "roles": {
1277
+ "type": "array",
1278
+ "items": {
1279
+ "$ref": "#/components/schemas/Role"
1280
+ }
1281
+ }
1282
+ }
1283
+ },
1284
+ "Assignments": {
1285
+ "type": "array",
1286
+ "description": "List of role ids attached to an user",
1287
+ "items": {
1288
+ "$ref": "#/components/schemas/RoleId"
1289
+ }
1290
+ },
1291
+ "UserId": {
1292
+ "type": "string",
1293
+ "example": "1",
1294
+ "description": "Id of a user"
1295
+ },
1296
+ "OrganizationId": {
1297
+ "type": "string",
1298
+ "example": "123",
1299
+ "description": "Id of an organization"
1300
+ },
1301
+ "Slug": {
1302
+ "type": "string",
1303
+ "example": "owner",
1304
+ "description": "Slug of a role; for a role with id = 123:manager -> 123 is org_id & manager is slug"
1305
+ },
1306
+ "RoleSearchInput": {
1307
+ "type": "object",
1308
+ "properties": {
1309
+ "role_ids": {
1310
+ "type": "array",
1311
+ "description": "List of role ids to filter by",
1312
+ "example": [
1313
+ "123:manager",
1314
+ "456:owner"
1315
+ ],
1316
+ "items": {
1317
+ "$ref": "#/components/schemas/RoleId"
1318
+ }
1319
+ },
1320
+ "org_ids": {
1321
+ "type": "array",
1322
+ "description": "List of organization ids to filter by",
1323
+ "example": [
1324
+ "123",
1325
+ "456"
1326
+ ],
1327
+ "items": {
1328
+ "$ref": "#/components/schemas/OrganizationId"
1329
+ }
1330
+ },
1331
+ "slugs": {
1332
+ "type": "array",
1333
+ "description": "List of role slugs to filter by",
1334
+ "example": [
1335
+ "manager",
1336
+ "owner"
1337
+ ],
1338
+ "items": {
1339
+ "$ref": "#/components/schemas/Slug"
1340
+ }
1341
+ },
1342
+ "query": {
1343
+ "type": "string",
1344
+ "description": "Input to search across fields",
1345
+ "example": "Administrator"
1346
+ },
1347
+ "limit": {
1348
+ "type": "number",
1349
+ "description": "The Number of roles to return",
1350
+ "example": 1,
1351
+ "minimum": 1,
1352
+ "default": 50
1353
+ },
1354
+ "offset": {
1355
+ "type": "number",
1356
+ "description": "The number of roles to skip before starting to collect the result set",
1357
+ "example": 1,
1358
+ "minimum": 1,
1359
+ "default": 0
1360
+ }
1361
+ }
1362
+ },
1363
+ "CreateRolePayload": {
1364
+ "allOf": [
1365
+ {
1366
+ "properties": {
1367
+ "grants": {
1368
+ "type": "array",
1369
+ "items": {
1370
+ "$ref": "#/components/schemas/GrantWithDependencies"
1371
+ }
1372
+ }
1373
+ }
1374
+ },
1375
+ {
1376
+ "$ref": "#/components/schemas/BaseRoleForCreate"
1377
+ },
1378
+ {
1379
+ "oneOf": [
1380
+ {
1381
+ "description": "A standard user role. Must be explicitly assigned to users.",
1382
+ "properties": {
1383
+ "type": {
1384
+ "enum": [
1385
+ "user_role"
1386
+ ]
1387
+ },
1388
+ "parent_role": {
1389
+ "allOf": [
1390
+ {
1391
+ "$ref": "#/components/schemas/RoleId"
1392
+ },
1393
+ {
1394
+ "description": "Optional parent role that this role inherits from. Must be an `org_role` or a sharing role of type `share_role` or `partner_role`."
1395
+ }
1396
+ ]
1397
+ }
1398
+ }
1399
+ },
1400
+ {
1401
+ "description": "A role automatically applied to all users in an organization.",
1402
+ "properties": {
1403
+ "type": {
1404
+ "enum": [
1405
+ "org_role"
1406
+ ]
1407
+ },
1408
+ "pricing_tier": {
1409
+ "type": "string",
1410
+ "description": "The pricing tier of the organization this root role is based on",
1411
+ "example": "Professional"
1412
+ }
1413
+ }
1414
+ },
1415
+ {
1416
+ "description": "A role that can be assigned to users in other organizations for sharing purposes.",
1417
+ "properties": {
1418
+ "type": {
1419
+ "enum": [
1420
+ "share_role"
1421
+ ]
1422
+ }
1423
+ }
1424
+ },
1425
+ {
1426
+ "description": "A role that appears in another organization's role list that can be assigned but not modified by the partner organization.",
1427
+ "properties": {
1428
+ "type": {
1429
+ "enum": [
1430
+ "partner_role"
1431
+ ]
1432
+ },
1433
+ "partner_org_id": {
1434
+ "allOf": [
1435
+ {
1436
+ "description": "Partner organization who can assign this role to their users."
1437
+ },
1438
+ {
1439
+ "$ref": "#/components/schemas/OrganizationId"
1440
+ }
1441
+ ]
1442
+ }
1443
+ }
1444
+ },
1445
+ {
1446
+ "description": "A role that is applied to end customers and installers using the Portals",
1447
+ "properties": {
1448
+ "type": {
1449
+ "enum": [
1450
+ "portal_role"
1451
+ ]
1452
+ }
1453
+ }
1454
+ }
1455
+ ]
1456
+ }
1457
+ ]
1458
+ },
1459
+ "Error": {
1460
+ "type": "object",
1461
+ "description": "Error response",
1462
+ "properties": {
1463
+ "message": {
1464
+ "type": "string",
1465
+ "description": "Error message",
1466
+ "example": "Parent role 123:nonexistent does not exist"
1467
+ }
1468
+ },
1469
+ "required": [
1470
+ "message"
1471
+ ]
1472
+ }
1473
+ }
1474
+ },
1475
+ "servers": [
1476
+ {
1477
+ "url": "https://permissions.sls.epilot.io"
1478
+ }
1479
+ ]
1480
+ }