TheDude
/
openproject
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
OpenProject is the leading open source project management software.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
59302 Commits
139 Branches
203 Tags
1.2 GiB
 
 
 
 
 
 
Tag: Branch: Tree: bc905390ea
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'bc905390ea'
${ noResults }
openproject/docs/api/apiv3/endpoints/users.apib

1252 lines
42 KiB
Raw Blame History

# Group Users
## Actions
| Link | Description | Condition |
|:-------------------:| -------------------------------------------------------------------- | ---------------------------------------------------------------- |
| lock | Restrict the user from logging in and performing any actions | not locked; **Permission**: Administrator |
| show | Link to the OpenProject user page (HTML) | |
| unlock | Allow a locked user to login and act again | locked; **Permission**: Administrator |
| updateImmediately | Updates the user's attributes. | **Permission**: Administrator, manage_user global permission |
| delete | Permanently remove a user from the instance | **Permission**: Administrator, self-delete |
## Linked Properties
| Link | Description | Type | Constraints | Supported operations | Condition |
|:-----------:|-------------------------------------------------------------- | ------------- | --------------------- | -------------------- | ----------------------------------------- |
| self | This user | User | not null | READ | |
| auth_source | Link to the user's auth source (endpoint not yet implemented) | AuthSource | | READ / WRITE | **Permission**: Administrator |
| members | Link to collection of all the user's memberships. The list will only include the memberships in projects in which the requesting user has the necessary permissions. | MemberCollection | | READ | **Permission**: view members or manage members in any project |
Depending on custom fields defined for users, additional links might exist.
## Local Properties
| Property | Description | Type | Constraints | Supported operations | Condition |
| :----------: | --------------------------------------------------------- | -------- | ---------------------------------------------------- | -------------------- | ----------------------------------------------------------- |
| id | User's id | Integer | x > 0 | READ | |
| login | User's login name | String | unique, 256 max length | READ / WRITE | **Permission**: Administrator, manage_user global permission |
| firstName | User's first name | String | 30 max length | READ / WRITE | **Permission**: Administrator, manage_user global permission |
| lastName | User's last name | String | 30 max length | READ / WRITE | **Permission**: Administrator, manage_user global permission |
| name | User's full name, formatting depends on instance settings | String | | READ | |
| email | User's email address | String | unique, 60 max length | READ / WRITE | E-Mail address not hidden, **Permission**: Administrator, manage_user global permission |
| admin | Flag indicating whether or not the user is an admin | Boolean | in: [true, false] | READ / WRITE | **Permission**: Administrator |
| avatar | URL to user's avatar | Url | | READ | |
| status | The current activation status of the user (see below) | String | in: ["active", "registered", "locked", "invited"] | READ | |
| language | User's language | String | ISO 639-1 | READ / WRITE | **Permission**: Administrator, manage_user global permission |
| password | User's password for the default password authentication | String | | WRITE | **Permission**: Administrator |
| identity_url | User's identity_url for OmniAuth authentication | String | | READ / WRITE | **Permission**: Administrator |
| createdAt | Time of creation | DateTime | | READ | |
| updatedAt | Time of the most recent change to the user | DateTime | | READ | |
Depending on custom fields defined for users, additional properties might exist.
The `status` of a user can be one of:
* `active` - the user can log in with the account right away
* `invited` - the user is invited and is pending registration
If the user's `status` is set to `active` during creation a means of authentication
has to be provided which is one of the following:
* `password` - The password with which the user logs in.
* `auth_source` - Link to an LDAP auth source.
* `identity_url` - The identity URL of an OmniAuth authentication provider.
If all of these are missing the creation will fail with an "missing password" error.
The `language` is limited to those activated in the system.
Due to data privacy, the user's properties are limited to reveal as little about the user as possible.
Thus `login`, `firstName`, `lastName`, `language`, `createdAt` and `updatedAt` are hidden for all
users except for admins or the user themselves.
Please note that custom fields are not yet supported by the api although the backend supports them.
## View user [/api/v3/users/{id}]
+ Model
+ Body
{
"_type": "User",
"_links": {
"self": {
"href": "/api/v3/users/1",
"title": "j.sheppard"
},
"show": {
"href": "/users/1",
"type": 'text/html'
},
"lock": {
"href": "/api/v3/users/1/lock",
"method": "POST"
},
"updateImmediately": {
"href": "/api/v3/users/1",
"method": "PATCH"
},
"delete": {
"href": "/api/v3/users/1",
"method": "DELETE"
},
},
"id": 1,
"login": "j.sheppard",
"firstName": "John",
"lastName": "Sheppard",
"email": "shep@mail.com",
"admin": true,
"avatar": "https://example.org/users/1/avatar",
"status": "active",
"language": "en",
"createdAt": "2014-05-21T08:51:20Z",
"updatedAt": "2014-05-21T08:51:20Z"
}
## View user [GET]
+ Parameters
+ id (required, integer or `me`, `1`) ... User id. Use `me` to reference current user, if any.
+ Response 200 (application/hal+json)
[View user][]
+ Response 404 (application/hal+json)
Returned if the user does not exist or if the API user does not have permission to view them.
**Required permission** The user needs to be locked in if the installation is configured to prevent anonymous access
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:NotFound",
"message": "The specified user does not exist or you do not have permission to view them."
}
## Create User [/api/v3/users]
## Create User [POST]
Creates a new user. Only administrators and users with manage_user global permission are allowed to do so.
When calling this endpoint the client provides a single object, containing at least the properties and links that are required, in the body.
Valid values for `status`:
1) "active" - In this case a password has to be provided in addition to the other attributes.
2) "invited" - In this case nothing but the email address is required. The rest is optional. An invitation will be sent to the user.
+ Request Create User (application/json)
+ Body
{
"login": "h.wurst",
"email": "h.wurst@openproject.com",
"firstName": "Hans",
"lastName": "Wurst",
"admin": false,
"language": "de",
"status": "active",
"password": "hunter5"
}
+ Request Invite User (application/json)
+ Body
{
"email": "h.wurst@openproject.com",
"firstName": "Hanz",
"status": "invited"
}
+ Response 201
[View user][]
+ Response 400 (application/hal+json)
Occurs when the client did not send a valid JSON object in the request body.
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:InvalidRequestBody",
"message": "The request body was not a single JSON object."
}
+ Response 403 (application/hal+json)
Returned if the client does not have sufficient permissions.
**Required permission:** Administrator
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:MissingPermission",
"message": "You are not allowed to create new users."
}
+ Response 422 (application/hal+json)
Returned if:
* a constraint for a property was violated (`PropertyConstraintViolation`)
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:PropertyConstraintViolation",
"message": "The email address is already taken.",
"_embedded": {
"details": {
"attribute": "email"
}
}
}
##
## Update User [/api/v3/users/{id}]
## Update user [PATCH]
Updates the user's writable attributes.
When calling this endpoint the client provides a single object, containing at least the properties and links that are required, in the body.
+ Parameters
+ id (required, integer, `1`) ... User id
+ Request Update User (application/json)
+ Body
{
"login": "h.wurst",
"email": "h.wurst@openproject.com",
"firstName": "Hans",
"lastName": "Wurst",
"admin": true,
"language": "en"
}
+ Response 200
[View user][]
+ Response 400 (application/hal+json)
Occurs when the client did not send a valid JSON object in the request body.
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:InvalidRequestBody",
"message": "The request body was not a single JSON object."
}
+ Response 403 (application/hal+json)
Returned if the client does not have sufficient permissions.
**Required permission:** Administrators, manage_user global permission
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:MissingPermission",
"message": "You are not allowed to update the account of this user."
}
+ Response 404 (application/hal+json)
Returned if the user does not exist or if the API user does not have the necessary permissions to update it.
**Required permission:** Administrators only (exception: users may update their own accounts)
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:NotFound",
"message": "The specified user does not exist or you do not have permission to view them."
}
+ Response 422 (application/hal+json)
Returned if:
* the client tries to modify a read-only property (`PropertyIsReadOnly`)
* a constraint for a property was violated (`PropertyConstraintViolation`)
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:PropertyConstraintViolation",
"message": "The email address is already taken.",
"_embedded": {
"details": {
"attribute": "email"
}
}
}
## Delete User [/api/v3/users/{id}]
## Delete user [DELETE]
Permanently deletes the specified user account.
+ Parameters
+ id (required, integer, `1`) ... User id
+ Response 202
Returned if the account was deleted successfully.
Note that the response body is empty as of now. In future versions of the API a body
*might* be returned, indicating the progress of deletion.
+ Body
+ Response 403 (application/hal+json)
Returned if the client does not have sufficient permissions or if deletion of users was disabled in the instance wide settings.
**Required permission:** Administrators only (exception: users might be able to delete their own accounts)
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:MissingPermission",
"message": "You are not allowed to delete the account of this user."
}
+ Response 404 (application/hal+json)
Returned if the user does not exist.
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:NotFound",
"message": "The specified user does not exist."
}
## Lock user [/api/v3/users/{id}/lock]
## Lock user [POST]
+ Parameters
+ id (required, integer, `1`) ... User id
+ Response 200 (application/hal+json)
[View user][]
+ Response 400 (application/hal+json)
Returned if the client tries to lock a user account whose current status does not allow this transition.
**Required permission:** Administrators only
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:InvalidUserStatusTransition",
"message": "The current user account status does not allow this operation."
}
+ Response 403 (application/hal+json)
Returned if the client does not have sufficient permissions for locking a user.
**Required permission:** Administrators only
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:MissingPermission",
"message": "You are not allowed to lock the account of this user."
}
+ Response 404 (application/hal+json)
Returned if the user does not exist.
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:NotFound",
"message": "The specified user does not exist."
}
## Unlock user [/api/v3/users/{id}/lock]
## Unlock user [DELETE]
+ Parameters
+ id (required, integer, `1`) ... User id
+ Response 200 (application/hal+json)
[View user][]
+ Response 400 (application/hal+json)
Returned if the client tries to unlock a user account whose current status does not allow this transition.
**Required permission:** Administrators only
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:InvalidUserStatusTransition",
"message": "The current user account status does not allow this operation."
}
+ Response 403 (application/hal+json)
Returned if the client does not have sufficient permissions for unlocking a user.
**Required permission:** Administrators only
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:MissingPermission",
"message": "You are not allowed to unlock the account of this user."
}
+ Response 404 (application/hal+json)
Returned if the user does not exist.
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:NotFound",
"message": "The specified user does not exist."
}
## Users [/api/v3/users{?offset,pageSize,filters,sortBy}]
+ Model
+ Body
{
"_links": {
"self": { "href": "/api/v3/users" }
},
"total": 2,
"count": 1,
"_type": "Collection",
"_embedded": {
"elements": [
{
"_type": "User",
"_links": {
"self": {
"href": "/api/v3/users/1",
"title": "John Sheppard - j.sheppard"
},
"showUser": {
"href": "/users/1",
"type": 'text/html'
},
"lock": {
"href": "/api/v3/users/1/lock",
"title": "Set lock on j.sheppard"
"method": "POST"
},
"update": {
"href": "/api/v3/users/1",
"title": "Update j.sheppard"
"method": "PATCH"
},
"delete": {
"href": "/api/v3/users/1",
"title": "Delete j.sheppard"
"method": "DELETE"
}
},
"id": 1,
"login": "j.sheppard",
"firstName": "John",
"lastName": "Sheppard",
"email": "shep@mail.com",
"admin": true,
"avatar": "https://example.org/users/1/avatar",
"status": "active",
"language": "en",
"createdAt": "2014-05-21T08:51:20Z",
"updatedAt": "2014-05-21T08:51:20Z"
}
]
}
}
## List Users [GET]
Lists users. Only administrators or users with manage_user global permission have permission to do this.
+ Parameters
+ offset = `1` (optional, integer, `25`) ... Page number inside the requested collection.
+ pageSize (optional, integer, `25`) ... Number of elements to display per page.
+ filters (optional, string, `[{ "status": { "operator": "=", "values": ["invited"] } }, { "group": { "operator": "=", "values": ["1"] } }, { "name": { "operator": "=", "values": ["h.wurst@openproject.com"] } }]`) ... JSON specifying filter conditions.
Accepts the same format as returned by the [queries](#queries) endpoint. Currently supported filters are:
+ status: Status the user has
+ group: Name of the group in which to-be-listed users are members.
+ name: Filter users in whose first or last names, or email addresses the given string occurs.
+ login: User's login
+ sortBy (optional, string, `[["status", "asc"]]`) ... JSON specifying sort criteria.
Accepts the same format as returned by the [queries](#queries) endpoint.
+ Response 200 (application/hal+json)
[Users][]
+ Response 400 (application/hal+json)
Returned if the client sends an unknown sort column.
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:InvalidQuery",
"message": "Unknown sort column."
}
+ Response 403 (application/hal+json)
Returned if the client does not have sufficient permissions.
**Required permission:** Administrator
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:MissingPermission",
"message": "You are not allowed to list users."
}
## View user schema [/api/v3/users/schemas]
+ Model
+ Body
{
"_type": "Schema",
"_dependencies": [],
"id": {
"type": "Integer",
"name": "ID",
"required": true,
"hasDefault": false,
"writable": false,
"options": {}
},
"login": {
"type": "String",
"name": "Username",
"required": true,
"hasDefault": false,
"writable": true,
"minLength": 1,
"maxLength": 255,
"options": {}
},
"admin": {
"type": "Boolean",
"name": "Administrator",
"required": false,
"hasDefault": false,
"writable": true,
"options": {}
},
"mail": {
"type": "String",
"name": "Email",
"required": true,
"hasDefault": false,
"writable": true,
"minLength": 1,
"maxLength": 255,
"options": {}
},
"firstName": {
"type": "String",
"name": "First name",
"required": true,
"hasDefault": false,
"writable": false,
"minLength": 1,
"maxLength": 255,
"options": {}
},
"lastName": {
"type": "String",
"name": "Last name",
"required": true,
"hasDefault": false,
"writable": false,
"minLength": 1,
"maxLength": 255,
"options": {}
},
"avatar": {
"type": "String",
"name": "Avatar",
"required": false,
"hasDefault": false,
"writable": false,
"options": {}
},
"status": {
"type": "String",
"name": "Status",
"required": false,
"hasDefault": false,
"writable": true,
"options": {}
},
"identityUrl": {
"type": "String",
"name": "Identity url",
"required": false,
"hasDefault": false,
"writable": true,
"options": {}
},
"language": {
"type": "String",
"name": "Language",
"required": false,
"hasDefault": false,
"writable": true,
"options": {}
},
"password": {
"type": "Password",
"name": "Password",
"required": false,
"hasDefault": false,
"writable": false,
"options": {}
},
"createdAt": {
"type": "DateTime",
"name": "Created on",
"required": true,
"hasDefault": false,
"writable": false,
"options": {}
},
"updatedAt": {
"type": "DateTime",
"name": "Updated on",
"required": true,
"hasDefault": false,
"writable": false,
"options": {}
},
"customField1": {
"type": "String",
"name": "User String CF",
"required": false,
"hasDefault": false,
"writable": true
},
"customField2": {
"type": "CustomOption",
"name": "User List cf",
"required": false,
"hasDefault": false,
"writable": true,
"location": "_links"
},
"_links": {
"self": {
"href": "/api/v3/users/schema"
}
}
}
## View user schema [GET]
The schema response use two exemplary custom fields that extend the schema response. Depending on your instance and custom field configuration, the response will look somewhat different.
+ Response 200 (application/hal+json)
[View user schema][]
## User create form [/api/v3/users/{id}/form]
This endpoint returns a form allowing a guided creation of new users.
For more details and all possible responses see the general specification of [Forms](/docs/api/forms).
## Users create form [POST]
+ Request Create user form
+ Body
{
"mail": "foo@example.com",
"status": "invited",
"customField1": "Custom field text value",
"_links" {
"customField2" : {
"href": "/api/v3/custom_options/123"
}
}
}
+ Response 200 (application/hal+json)
+ Body
{
"_type": "Form",
"_embedded": {
"payload": {
"firstName": "bar",
"lastname": " @example.com",
"_links": {}
},
"schema": {
"_type": "Schema",
"_dependencies": [],
"id": {
"type": "Integer",
"name": "ID",
"required": true,
"hasDefault": false,
"writable": false,
"options": {}
},
"login": {
"type": "String",
"name": "Username",
"required": true,
"hasDefault": false,
"writable": true,
"minLength": 1,
"maxLength": 255,
"options": {}
},
"admin": {
"type": "Boolean",
"name": "Administrator",
"required": false,
"hasDefault": false,
"writable": true,
"options": {}
},
"mail": {
"type": "String",
"name": "Email",
"required": true,
"hasDefault": false,
"writable": true,
"minLength": 1,
"maxLength": 255,
"options": {}
},
"firstName": {
"type": "String",
"name": "First name",
"required": true,
"hasDefault": false,
"writable": false,
"minLength": 1,
"maxLength": 255,
"options": {}
},
"lastName": {
"type": "String",
"name": "Last name",
"required": true,
"hasDefault": false,
"writable": false,
"minLength": 1,
"maxLength": 255,
"options": {}
},
"avatar": {
"type": "String",
"name": "Avatar",
"required": false,
"hasDefault": false,
"writable": false,
"options": {}
},
"status": {
"type": "String",
"name": "Status",
"required": false,
"hasDefault": false,
"writable": true,
"options": {}
},
"identityUrl": {
"type": "String",
"name": "Identity url",
"required": false,
"hasDefault": false,
"writable": true,
"options": {}
},
"language": {
"type": "String",
"name": "Language",
"required": false,
"hasDefault": false,
"writable": true,
"options": {}
},
"password": {
"type": "Password",
"name": "Password",
"required": false,
"hasDefault": false,
"writable": false,
"options": {}
},
"createdAt": {
"type": "DateTime",
"name": "Created on",
"required": true,
"hasDefault": false,
"writable": false,
"options": {}
},
"updatedAt": {
"type": "DateTime",
"name": "Updated on",
"required": true,
"hasDefault": false,
"writable": false,
"options": {}
},
"customField1": {
"type": "String",
"name": "User String CF",
"required": false,
"hasDefault": false,
"writable": true,
"visibility": "default"
},
"customField2": {
"type": "CustomOption",
"name": "User List cf",
"required": false,
"hasDefault": false,
"writable": true,
"location": "_links",
"visibility": "default",
"_embedded": {
"allowedValues": [{
"_type": "CustomOption",
"id": 123,
"value": "abc",
"_links": {
"self": {
"href": "/api/v3/custom_options/123",
"title": "abc"
}
}
},
{
"_type": "CustomOption",
"id": 124,
"value": "foo",
"_links": {
"self": {
"href": "/api/v3/custom_options/124",
"title": "foo"
}
}
}
]
},
"_links": {
"allowedValues": [{
"href": "/api/v3/custom_options/123",
"title": "abc"
},
{
"href": "/api/v3/custom_options/124",
"title": "foo"
}
]
}
},
"_links": {}
},
"validationErrors": {}
},
"_links": {
"self": {
"href": "/api/v3/users/form",
"method": "post"
},
"validate": {
"href": "/api/v3/users/form",
"method": "post"
},
"commit": {
"href": "/api/v3/users",
"method": "post"
}
}
}
+ Response 400 (application/hal+json)
Occurs when the client did not send a valid JSON object in the request body.
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:InvalidRequestBody",
"message": "The request body was not a single JSON object."
}
+ Response 403 (application/hal+json)
Returned if the client does not have sufficient permissions.
**Required permission:** manage_user global permission
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:MissingPermission",
"message": "You are not authorized to access this resource."
}
## User update form [/api/v3/users/{id}/form]
This endpoint returns a form allowing a guided modification of existing users.
The returned payload part of the form will be contain a merge between the already existing properties' values (as long as they are writeable) and the provided values with the later having precedence.
For more details and all possible responses see the general specification of [Forms](/docs/api/forms).
## User update form [POST]
+ Parameters
+ id (required, integer, `1`) ... User id
+ Request Update user form
+ Body
{
"firstName": "Matthew"
"customField1": "An exemplary text custom field value",
"_links" {
"customField2" : {
"href": "/api/v3/custom_options/123"
}
}
}
+ Response 200 (application/hal+json)
+ Body
{
"_type": "Form",
"_embedded": {
"payload": {
"firstName": "Matthew",
"lastName": "Mercer",
"login": "matt@example.com",
"admin": false,
"email": "matt@example.com",
"identityUrl": null,
"language": "en",
"customField1": "An exemplary text custom field value",
"_links" {
"customField2" : {
"href": "/api/v3/custom_options/123"
}
}
},
"schema": {
"_type": "Schema",
"_dependencies": [],
"id": {
"type": "Integer",
"name": "ID",
"required": true,
"hasDefault": false,
"writable": false,
"options": {}
},
"login": {
"type": "String",
"name": "Username",
"required": true,
"hasDefault": false,
"writable": true,
"minLength": 1,
"maxLength": 255,
"options": {}
},
"admin": {
"type": "Boolean",
"name": "Administrator",
"required": false,
"hasDefault": false,
"writable": true,
"options": {}
},
"mail": {
"type": "String",
"name": "Email",
"required": true,
"hasDefault": false,
"writable": true,
"minLength": 1,
"maxLength": 255,
"options": {}
},
"firstName": {
"type": "String",
"name": "First name",
"required": true,
"hasDefault": false,
"writable": false,
"minLength": 1,
"maxLength": 255,
"options": {}
},
"lastName": {
"type": "String",
"name": "Last name",
"required": true,
"hasDefault": false,
"writable": false,
"minLength": 1,
"maxLength": 255,
"options": {}
},
"avatar": {
"type": "String",
"name": "Avatar",
"required": false,
"hasDefault": false,
"writable": false,
"options": {}
},
"status": {
"type": "String",
"name": "Status",
"required": false,
"hasDefault": false,
"writable": false,
"options": {}
},
"identityUrl": {
"type": "String",
"name": "Identity url",
"required": false,
"hasDefault": false,
"writable": true,
"options": {}
},
"language": {
"type": "String",
"name": "Language",
"required": false,
"hasDefault": false,
"writable": true,
"options": {}
},
"password": {
"type": "Password",
"name": "Password",
"required": false,
"hasDefault": false,
"writable": false,
"options": {}
},
"createdAt": {
"type": "DateTime",
"name": "Created on",
"required": true,
"hasDefault": false,
"writable": false,
"options": {}
},
"updatedAt": {
"type": "DateTime",
"name": "Updated on",
"required": true,
"hasDefault": false,
"writable": false,
"options": {}
},
"customField1": {
"type": "String",
"name": "User String CF",
"required": false,
"hasDefault": false,
"writable": true,
"visibility": "default"
},
"customField2": {
"type": "CustomOption",
"name": "User List cf",
"required": false,
"hasDefault": false,
"writable": true,
"location": "_links",
"visibility": "default",
"_embedded": {
"allowedValues": [{
"_type": "CustomOption",
"id": 123,
"value": "abc",
"_links": {
"self": {
"href": "/api/v3/custom_options/123",
"title": "abc"
}
}
},
{
"_type": "CustomOption",
"id": 124,
"value": "foo",
"_links": {
"self": {
"href": "/api/v3/custom_options/124",
"title": "foo"
}
}
}
]
},
"_links": {
"allowedValues": [{
"href": "/api/v3/custom_options/123",
"title": "abc"
},
{
"href": "/api/v3/custom_options/124",
"title": "foo"
}
]
}
},
"_links": {}
},
"validationErrors": {}
},
"_links": {
"self": {
"href": "/api/v3/users/70917/form",
"method": "post"
},
"validate": {
"href": "/api/v3/users/70917/form",
"method": "post"
},
"commit": {
"href": "/api/v3/users/70917",
"method": "patch"
}
}
}
+ Response 400 (application/hal+json)
Occurs when the client did not send a valid JSON object in the request body.
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:InvalidRequestBody",
"message": "The request body was not a single JSON object."
}
+ Response 403 (application/hal+json)
Returned if the client does not have sufficient permissions.
**Required permission:** manage_user global permission
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:MissingPermission",
"message": "You are not authorized to access this resource."
}
+ Response 404 (application/hal+json)
Returned if the request user can not be found.
*Note: A client without sufficient permissions shall not be able to test for the existence of
a membership. That's why a 404 is returned here, even if a 403 might be more appropriate.*
+ Body
{
"_type": "Error",
"errorIdentifier": "urn:openproject-org:api:v3:errors:NotFound",
"message": "The requested resource could not be found."
}