Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/TheSerchCp/SEAM-API/llms.txt

Use this file to discover all available pages before exploring further.

Creates an entry in the permissionXRole pivot table that links a permissionId to a roleId. Once assigned, all users whose role matches roleId are granted access to the route identified by that permission. The assignment takes effect immediately — subsequent requests from users with that role will pass the roles.middleware check for the associated route. The underlying INSERT IGNORE statement means that if the assignment already exists, no error is raised and the operation is treated as a no-op at the database level. A data:changed Socket.IO event is broadcast regardless.

Authentication

Requires a valid JWT and the POST /api/v1/permission/assign permission assigned to the caller’s role.

Request

Method: POST Path: /api/v1/permission/assign

Headers

Authorization
string
required
Bearer token obtained from the login endpoint. Format: Bearer <token>
Content-Type
string
required
Must be application/json.

Body

roleId
number
required
The numeric ID of the role to assign the permission to. Must be a JSON number (not a string).
permissionId
number
required
The numeric ID of the permission to assign. Must be a JSON number (not a string). Retrieve this from List Permissions or Get by URI.
Example Request Body
{
  "roleId": 2,
  "permissionId": 5
}

Response

200 OK

Returned when the assignment is successfully created (or silently ignored as a duplicate).
success
boolean
Always true for successful responses.
message
string
Human-readable confirmation message. Value: "Permiso asignado al rol exitosamente".
data
null
Always null for this operation.
Example Response
{
  "success": true,
  "message": "Permiso asignado al rol exitosamente",
  "data": null
}

Error Responses

StatusDescription
400 Bad RequestroleId or permissionId is missing or not a JSON number type.
401 UnauthorizedMissing or invalid JWT token.
403 ForbiddenAuthenticated user’s role lacks the POST /api/v1/permission/assign permission.
409 ConflictForeign-key violation — the specified roleId or permissionId does not exist.
400 Bad Request — Wrong Type
{
  "success": false,
  "message": "Solicitud inválida",
  "data": null
}

Code Example

cURL
curl -X POST http://localhost:3000/api/v1/permission/assign \
  -H "Authorization: Bearer <your_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "roleId": 2,
    "permissionId": 5
  }'

Socket.IO Events

On success, the server emits the following events:
EventTargetOperationStatus sequence
operation:progressRequesting socketpermissions:assignstartsuccess
data:changedAll connected clientspermissions:assignBroadcast with no data payload (null)
Clients listening to data:changed can use the initiatorSocketId field in the payload to skip redundant UI updates if they already know the result from the HTTP response.

Build docs developers (and LLMs) love

Get started for freeTalk to us