Skip to main content

Overview

The Role Management API provides endpoints for managing user roles, permissions, and access control in jshERP. Roles define what actions users can perform and what data they can access. Base Path: /role
Roles are essential for implementing role-based access control (RBAC) throughout the system.

CRUD Operations

Get Role Information

GET /role/info?id={id}
Retrieves detailed information for a specific role.
id
long
required
Role ID
code
integer
Response status code (200 for success)
info
object
Role entity object
curl -X GET "http://localhost:9999/jshERP-boot/role/info?id=1" \
  -H "Authorization: Bearer {token}"

Get Role List

GET /role/list?search={search}
Retrieves a paginated list of roles with optional filtering.
search
string
JSON string containing search filters:
  • name: Filter by role name
  • description: Filter by description
rows
array
Array of RoleEx objects with extended information
total
integer
Total number of records
curl -X GET "http://localhost:9999/jshERP-boot/role/list?search={\"name\":\"admin\"}" \
  -H "Authorization: Bearer {token}"

Create Role

POST /role/add
Creates a new role.
name
string
required
Role name (must be unique)
type
string
required
Role type:
  • public: System-wide role
  • tenant: Tenant-specific role
value
string
Role value/identifier
description
string
Role description
priceLimit
string
Price visibility configuration:
  • 0: No price limit (can see all prices)
  • 1: Purchase price hidden
  • 2: Retail price hidden
  • 3: Sale price hidden
enabled
boolean
default:"true"
Role enabled status
sort
string
Sort order for display
{
  "name": "Sales Manager",
  "type": "tenant",
  "value": "sales_manager",
  "description": "Manages sales operations",
  "priceLimit": "1",
  "enabled": true,
  "sort": "10"
}

Update Role

PUT /role/update
Updates an existing role’s configuration.
id
long
required
Role ID
name
string
Role name
type
string
Role type
value
string
Role value/identifier
description
string
Role description
priceLimit
string
Price visibility configuration
enabled
boolean
Role enabled status
sort
string
Sort order

Delete Role

DELETE /role/delete?id={id}
Deletes a role (soft delete).
Deleting a role will affect all users assigned to that role. Ensure users are reassigned before deletion.
id
long
required
Role ID to delete

Batch Delete Roles

DELETE /role/deleteBatch?ids={ids}
Deletes multiple roles in a single operation.
ids
string
required
Comma-separated role IDs (e.g., “1,2,3”)

Role Management

Check Role Name Exists

GET /role/checkIsNameExist?id={id}&name={name}
Checks if a role name is already in use.
id
long
required
Role ID (0 for new role)
name
string
Role name to check
status
boolean
true if name exists, false otherwise

Find User Roles

GET /role/findUserRole?UBType={type}&UBKeyId={keyId}
Retrieves roles for a specific user with checked status for role assignment.
UBType
string
required
User business type (e.g., “UserRole”)
UBKeyId
string
required
User business key ID (typically user ID)
array
array
Array of role objects with checked status
curl -X GET "http://localhost:9999/jshERP-boot/role/findUserRole?UBType=UserRole&UBKeyId=123" \
  -H "Authorization: Bearer {token}"

Get All Roles

GET /role/allList
Retrieves a complete list of all roles without pagination.
array
array
Array of all Role objects
[
  {
    "id": 1,
    "name": "Administrator",
    "type": "public",
    "enabled": true
  },
  {
    "id": 2,
    "name": "Sales Manager",
    "type": "tenant",
    "enabled": true
  }
]

Get Tenant Role List

GET /role/tenantRoleList
Retrieves roles specific to the current tenant.
array
array
Array of Role objects belonging to the current tenant

Batch Set Role Status

POST /role/batchSetStatus
Enables or disables multiple roles at once.
status
boolean
required
Status to set:
  • true: Enable roles
  • false: Disable roles
ids
string
required
Comma-separated role IDs
{
  "status": true,
  "ids": "1,2,3"
}

Data Models

Role Entity

id
long
Unique role identifier
name
string
Role name (displayed to users)
type
string
Role type:
  • public: System-wide role available to all tenants
  • tenant: Tenant-specific role
priceLimit
string
Price visibility restrictions:
  • 0: No restrictions
  • 1: Purchase price hidden
  • 2: Retail price hidden
  • 3: Sale price hidden
value
string
Role value/identifier (used in code)
description
string
Detailed description of the role’s purpose
enabled
boolean
Role enabled status:
  • true: Role is active and can be assigned
  • false: Role is disabled
sort
string
Sort order for display purposes
tenantId
long
Associated tenant ID (null for public roles)
deleteFlag
string
Soft delete flag (used internally)

Role Types

Public Roles

  • System-wide roles defined by administrators
  • Available across all tenants
  • Cannot be modified by tenant users
  • Examples: Administrator, System Manager

Tenant Roles

  • Created and managed by tenant administrators
  • Specific to individual tenants
  • Can be customized per tenant needs
  • Examples: Sales Manager, Warehouse Staff

Price Limit Configuration

The priceLimit field controls what price information users with this role can view:
ValueDescriptionHidden Prices
0No limitNone (full access)
1Purchase price hiddenPurchase/cost prices
2Retail price hiddenRetail prices
3Sale price hiddenSale prices
Use price limits to restrict sensitive pricing information from users who don’t need access to it, such as hiding purchase costs from sales staff.

Common Use Cases

Creating a New Role

  1. Check if the role name exists using /role/checkIsNameExist
  2. Create the role using /role/add with appropriate permissions
  3. Configure price limits if needed
  4. Assign the role to users

Assigning Roles to Users

  1. Get the user’s current roles using /role/findUserRole
  2. Update the user’s role assignments through the user business API
  3. Verify the changes by checking user permissions

Managing Role Hierarchy

  1. Use the sort field to establish role display order
  2. Public roles typically have lower sort values
  3. Tenant-specific roles follow the public roles

Best Practices

Role Naming: Use clear, descriptive names that indicate the role’s purpose and permissions level.
Price Limits: Carefully configure price limits based on business requirements. Consider what information each role needs to perform their job effectively.
Role Deletion: Always check for users assigned to a role before deleting it. Consider disabling the role instead of deleting it.
Tenant Isolation: Tenant roles are isolated per tenant. Each tenant can create roles with the same name without conflicts.

Permissions and Access Control

Roles work in conjunction with other permission systems:
  • Button Permissions: Control which UI buttons are visible
  • Module Permissions: Control access to different modules
  • Data Permissions: Control what data can be viewed/modified
  • Price Limits: Control price information visibility

Error Codes

CodeDescription
200Success
500Internal server error
All endpoints return a standard response format with code and data fields. Check the code field to determine success or failure.

Build docs developers (and LLMs) love

Get started for freeTalk to us