Implement REST API: Save User Permissions Endpoint #33393
Description
Description
Implement a REST endpoint to save/update permissions for a user's individual role on a specific asset (host/folder).
(This endpoint replaces the legacy DWR/AJAX functionality used in the DotAdmin Users > Permissions tab)
Acceptance Criteria
- PUT /api/v1/users/{userId}/permissions/{assetId} endpoint accepts userId (or email) and assetId
- Replaces ALL permissions for a user's individual role on the specified asset
- Omitted permission scopes are automatically removed
- Request body accepts:
- host (required): Host ID or hostname
- path (optional): Path for folder permissions (default: "/")
- permissions (required): Object with permission levels by scope
- cascade (optional): Apply to all children (default: false)
- Permission scopes: individual, sites, folders, containers, templates, templateLayouts, pages, links, content, structures, categories, rules
- Permission values: READ, WRITE, PUBLISH, EDIT_PERMISSIONS, CAN_ADD_CHILDREN (hosts/folders only)
- Only users with EDIT_PERMISSIONS permission on the asset can update
- Returns updated permission details with roleId and success message
- Returns 400 for invalid permissions, 403 for unauthorized, 404 for not found, 500 for failures
- Follows existing ResponseEntityView wrapper pattern
Priority
None
Additional Context
No response