UserData api - Tizra/Tizra-Customer-Tracker GitHub Wiki

User Account Information

User accounts have associated metadata like a publication, and can be updated by the same basic Methods as publications.

The MetaType for user information is UserData.

Associated with a User is a list of the Licenses attached to that user that define the user's privileges and purchases.

It is possible to directly fetch the information for a user by use of a GET operation on that user's management API URL. See the GET API documentation for details

UserData Type

Both user accounts and licenses can have associated properties which can be tailored as needed. These show up as the "props" field in the JSON record descriptions below. The most useful data types for use in access control are keyword, boolean, integer, date, or the associated list types: keyword-list, boolean-list, integer-list. more on Types

A UserData record represents the identity of a user in the Tizra system. As always, Tizra JSON records may contain additional fields that are not described here -- additional fields can be safely ignored. In actual records, you will see some duplicate fields with slightly different names (included to support older uses of the JSON records).

Here's a typical example:

{
   "email": "[email protected]", 
   "metaType": "UserData", 
   "props": {
       "AdminTags": ["tizra.com", "remote", "code"], 
	"IsTeacher": true,
       "City": "Providence", 
       "CountryCode": "PL", 
       "Email": "", 
       "EmailAddress": "", 
       "FirstName": "david", 
       "JobFunction": "232", 
       "LastName": "testo", 
       "Province": "", 
       "SchoolDistrictOrg": "", 
       "State": "", 
       "Street": "9 Catalpa Road", 
       "Street2": "", 
       "Tizra-customUrl": "", 
       "Zip": "02906"
   }, 
   "tizra-id": "pfss", 
   "url-id": "pfss", 
   "user-status": 1, 
   "user-status-description": "Active"
}

Fields that are present on all user accounts are the following: AdminTags, UserName, FirstName, LastName,UserVisibility, identifierType, userIdentifierStatus.

The ones generally of interest are AdminTags, UserName, FirstName, LastName:

  • AdminTags: This is a list of Tizra keywords, that can be used to define user sets, which can provide licenses to content to an account based on it's properties.
  • UserName: The user name for account login. May be an email address, on sites with online account signup, but when SSO is in use, is usually the unique identifier for the account on the remote system. A new Email address filed can be added in cases where SSO needs to track email.
  • Firstname, LastName: Pretty obvious...

The other standard properties are for special use -- contact Tizra for details.

In this example, I've added an IsTeacher property with a boolean value to indicate whether the individual is a teacher. User groups in Tizra are based on the "AdminTags" property. The presence of a value in that keyword list indicates a property of the user in question. Instead of a boolean value keyword property, we could instead add a "teacher" tag to this list, which would allow it to control group membership (and access control) directly.

As with publication updates each field or property is updated individually, (but all at once, even if it's a list); this means that adding a tag to a user must be done by first reading the current tags for the user, updating the list, and submitting the update.

The email field is the account name of the account. It need not be an email address, and if you wish it not to be, then you can create a property (visible in "props") to hold the actual email address.

UserData operations

It is not currently possible to create User accounts using the API.

When updating a User account the meta-type property must be specified and equal to UserData. It is not possible to change the username of an account, or the user-status of the account via the API at this time, but all props, including AdminTags can be updated.

Finding Users

The UserData meta-type can be used in the JSON Query Interface, however the secure variant of the query interface must be used, based at /admin-api/site-id/query, since user account data is privileged information.

Licenses

A license record looks like this:

{
   "active": true, 
   "controlled": "hed", 
   "props": {
       "testProp": "test value"
   }, 
   "terms": {
       "duration": 30, 
       "end-date": null, 
       "excluded-views": [], 
       "is-expired": false, 
       "start-date": null
   }
}

In cases where you are examining a license to allow an external system to make an access control decision (as for an external resource), you should create a Tizra-local resource to represent the external resources and identify it by the tizra-id of that resource. Licenses on that resource will have controlled values containing that tizra-id.