Removes the entry from the permissionXRole pivot table that links a permissionId to a roleId. After the unassignment, the roles.middleware will deny any request to the associated route made by users whose only qualifying role was this one. Access is revoked immediately on the next request — no restart required. If the roleId/permissionId combination does not exist in the pivot table, the operation succeeds silently (no error is raised).
Removing a permission from a role takes effect immediately. Any user currently authenticated with that role will be denied access to the associated route on their very next request, even if they are mid-session. Ensure you communicate maintenance windows or confirm that no active users rely on this permission before revoking it.
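The behaviour described above, as an added example that is not SEAM-API code. It models the permissionXRole pivot table with an in-memory Set; the function names, the storage and the sample IDs are assumptions made for illustration.

```javascript
// Added illustration: in-memory stand-in for the permissionXRole pivot table.
// Function names and the Set-based storage are assumptions, not SEAM-API code.
const pivot = new Set(); // entries are "roleId:permissionId"
const key = (roleId, permissionId) => `${roleId}:${permissionId}`;

function assign(roleId, permissionId) {
  pivot.add(key(roleId, permissionId));
}

// Mirrors the documented contract: both IDs must be JSON numbers (else 400),
// and removing a pair that does not exist still succeeds (200).
function unassign(body) {
  const { roleId, permissionId } = body ?? {};
  if (typeof roleId !== 'number' || typeof permissionId !== 'number') {
    return { status: 400, success: false };
  }
  pivot.delete(key(roleId, permissionId)); // no-op when the pair is absent
  return { status: 200, success: true };
}

// Per-request check: the pivot is consulted on every call, so a revocation
// applies to sessions that are already authenticated.
function isAllowed(userRoleIds, permissionId) {
  return userRoleIds.some((r) => pivot.has(key(r, permissionId)));
}

// Constructed sample data: roles 2 and 3 both hold permission 5.
function demo() {
  pivot.clear();
  assign(2, 5);
  assign(3, 5);
  const before = isAllowed([2], 5);
  const first = unassign({ roleId: 2, permissionId: 5 });
  const repeat = unassign({ roleId: 2, permissionId: 5 }); // already gone
  const asString = unassign({ roleId: '2', permissionId: 5 }); // wrong type
  return {
    before,
    first: first.status,
    repeat: repeat.status,
    asString: asString.status,
    onlyRole2: isAllowed([2], 5),     // revoked
    roles2and3: isAllowed([2, 3], 5), // still granted through role 3
  };
}

console.log(demo());
```

A user who also holds another role with the same permission keeps access, so auditing a revocation means checking every role that is linked to that permissionId.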

Authentication

Requires a valid JWT and the DELETE /api/v1/permission/unassign permission assigned to the caller’s role.

Request

Method: DELETE
Path: /api/v1/permission/unassign

Headers

Authorization (string, required): Bearer token obtained from the login endpoint. Format: Bearer <token>
Content-Type (string, required): Must be application/json. This DELETE endpoint accepts a JSON body.

Body

roleId (number, required): The numeric ID of the role to remove the permission from. Must be a JSON number (not a string).
permissionId (number, required): The numeric ID of the permission to remove. Must be a JSON number (not a string).

Example Request Body
{
  "roleId": 2,
  "permissionId": 5
}

Response

200 OK

Returned when the unassignment completes. If the combination did not exist, the operation succeeds silently.
success (boolean): Always true for successful responses.
message (string): Human-readable confirmation message. Value: "Permiso removido del rol exitosamente".
data (null): Always null for this operation.

Example Response
{
  "success": true,
  "message": "Permiso removido del rol exitosamente",
  "data": null
}

Error Responses

Status | Description
400 Bad Request | roleId or permissionId is missing or not a JSON number type.
401 Unauthorized | Missing or invalid JWT token.
403 Forbidden | Authenticated user’s role lacks the DELETE /api/v1/permission/unassign permission.

400 Bad Request
{
  "success": false,
  "message": "Solicitud inválida",
  "data": null
}

Code Example

cURL
curl -X DELETE http://localhost:3000/api/v1/permission/unassign \
  -H "Authorization: Bearer <your_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "roleId": 2,
    "permissionId": 5
  }'

Socket.IO Events

On success, the server emits the following events:
Event | Target | Operation | Status sequence
operation:progress | Requesting socket | permissions:unassign | start, success
data:changed | All connected clients | permissions:unassign | Broadcast with no data payload (null)

Clients listening to data:changed can use the initiatorSocketId field in the payload to skip redundant UI updates if they already know the result from the HTTP response.
