Articles in this section

Managing Access to Sites for a User

  • Updated

Note

Users granted “full site access” will have access to all sites, regardless of whether the instructions on this page are used to grant or revoke access to a specific site for the user

Granting Access to Site

To grant access to a site, issue a PATCH for the api/sites/{site_uuid}/users/{patient_uuid}/ endpoint -e.g:

curl \ 
-X PATCH https://ap.ua.painchek.com/api/sites/e302ab84-9366-4136-8eca-480b8bffd990/users/e9c57efe-f3e1-48c9-af90-15bf8ff8bde2/

A typical response looks like this:

{
"uuid": "2ba3a270-1aa3-44b9-a7eb-07506dd63120",
"site": "e302ab84-9366-4136-8eca-480b8bffd990",
"active": true,
"audit": [{
  "user": "e9c57efe-f3e1-48c9-af90-15bf8ff8bde2",
  "site": "e302ab84-9366-4136-8eca-480b8bffd990",
  "active": false,
  "changed_by": "c5fff8fd-e022-4ba4-a35d-ddee6b9fa276",
  "changed_at": "2020-10-01 05:02:39.339036+00:00"
  }],
"user": "e9c57efe-f3e1-48c9-af90-15bf8ff8bde2",
"created_by": "c5fff8fd-e022-4ba4-a35d-ddee6b9fa276",
"created_at": "2020-10-01T05:02:39.337651Z",
"modified_by": "c5fff8fd-e022-4ba4-a35d-ddee6b9fa276",
"modified_at": "2020-10-01T05:02:39.349607Z"
}

If the user already has access to the site, the command is effectively ignored - the call will still return a status of 200 in this case.

Revoking Access to Site

To revoke access to a site, issue a DELETE for the api/sites/{site_uuid}/users/{patient_uuid}/ endpoint. e.g.:

curl \
-X DELETE https://ap.ua.painchek.com/api/sites/e302ab84-9366-4136-8eca-480b8bffd990/users/e9c57efe-f3e1-48c9-af90-15bf8ff8bde2/

A typical response looks like this:

{
"uuid": "2ba3a270-1aa3-44b9-a7eb-07506dd63120",
"site": "e302ab84-9366-4136-8eca-480b8bffd990",
"active": false,
"audit": [{
  "user": "e9c57efe-f3e1-48c9-af90-15bf8ff8bde2",
  "site": "e302ab84-9366-4136-8eca-480b8bffd990",
  "active": false,
  "changed_by": "c5fff8fd-e022-4ba4-a35d-ddee6b9fa276",
  "changed_at": "2020-10-01T05:14:02.226256+00:00"
  },
  {
  "user": "e9c57efe-f3e1-48c9-af90-15bf8ff8bde2",
  "site": "e302ab84-9366-4136-8eca-480b8bffd990",
  "active": true,
  "changed_by": "c5fff8fd-e022-4ba4-a35d-ddee6b9fa276",
  "changed_at": "2020-10-01 05:13:18.404173+00:00"
  }],
"user": "e9c57efe-f3e1-48c9-af90-15bf8ff8bde2",
"created_by": "c5fff8fd-e022-4ba4-a35d-ddee6b9fa276",
"created_at": "2020-10-01T05:02:39.337651Z",
"modified_by": "c5fff8fd-e022-4ba4-a35d-ddee6b9fa276",
"modified_at": "2020-10-01T05:14:02.226256Z"
}

If the user doesn’t have access to the site, the command is effectively ignored - the call will still return a status of 200 in this case.

Related articles