Permission Profiles
Generally available
Named access profiles that grant rights to specific data types and actions through a configurable rule tree. Each user has at most one profile, and every request is checked against it before it is allowed through. Operators build profiles in the console — for example "drivers can only read trips assigned to them" or "junior dispatch can edit trips but not customers".
Example request
POST /client/{clientId}/permissionprofile
{
"name": "<string>",
"accessTree": {}
}
Example shape, derived from the PermissionProfile fields — indicative,
not the authoritative schema (that arrives with the API reference).
Endpoints
| Method | Path | |
|---|---|---|
| POST | /client/{clientId}/permissionprofile · primary | |
| GET | /client/{clientId}/permissionprofile/{permissionProfileId} | |
| POST | /client/{clientId}/permissionprofile/{permissionProfileId} | |
Full request/response schemas and an interactive explorer will live in the API reference (coming soon).
Fields
| Field | Type | Description |
|---|---|---|
| name | string | Display name for the profile ("Owner", "Junior Dispatch", "Read-Only Auditor"). Shown in the user-edit screen. |
| accessTree | JsonStorage | JsonCondition decision tree evaluated by AclSubscriber. Leaves match on (entityName, action) pairs; returning true grants access. Empty tree denies everything. |
| clientId | bigint | Tenant scope. Every tenant-aware entity carries this; `ClientFilter` enforces row-level isolation on read; the multi-tenancy routing layer (`/client/{clientId}`) sets it at create time. Surfaced only under `admin` / `tripLog` groups — never to end users. |
| internalKey | string | Optional client-supplied external reference / idempotency key. When present, lets external systems correlate platform-side records back to their own source-of-truth ids. Not persisted to a column — populated by the request handler when the caller sets it. |
| __objectType | string | Discriminator string (entity class short-name) emitted alongside the id in serialized output. Resolved at read time by `getObjectType()`; lets the FE dispatch entity-specific rendering without inspecting the URL. |
| id | bigint | Snowflake-style primary key (unsigned BIGINT). Generated by `IdFactory` at create time; surfaced to the FE / API as a `G`-prefixed string and stripped back to plain bigint server-side before Doctrine lookup. |
| createdDate | integer | Unix timestamp the row was first persisted. Set in the entity's PrePersist hook; never rewritten on subsequent updates. |
| updatedDate | integer | Unix timestamp the row was last touched. Bumped on every commit that hits the Doctrine UoW for this entity; drives FE invalidation + the listing change cursor. |
| passiveUpdatedDate | int | Read-through alias for `updatedDate` exposed under different serializer groups. Lets the FE distinguish "real edit" from "background touch" projections without changing the underlying column. |
| listingUpdatedDate | int | Listing-projection timestamp surfaced only under the `listMode` group. Driven by `TripCache` and other listing-shape refreshers separately from `updatedDate` so a listing rebuild doesn't trigger detail-page invalidation. |
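
The `accessTree` semantics above (leaves match on (entityName, action), true grants, an empty tree denies) sketched as a deny-by-default evaluator. This is an added example, not the platform's `AclSubscriber` code: the `any`/`all` node shapes, the leaf key layout, the entity names and the depth cap are assumptions, since the page does not give the JsonCondition schema.

```python
# Added illustration. The node shapes ("any", "all", and the leaf keys) are
# assumptions made for this example, not the platform's JsonCondition schema.
MAX_DEPTH = 16  # assumed cap so a corrupt or hostile tree cannot recurse unbounded


def is_allowed(tree, entity_name, action, depth=0):
    """Return True only when the tree explicitly grants (entity_name, action)."""
    # Fail closed: empty tree, non-object node, or excessive nesting all deny.
    if not isinstance(tree, dict) or not tree or depth > MAX_DEPTH:
        return False
    keys = set(tree)
    if keys == {"entityName", "action"}:
        # Leaf: exact, case-sensitive match on string values only.
        return (isinstance(tree["entityName"], str)
                and isinstance(tree["action"], str)
                and tree["entityName"] == entity_name
                and tree["action"] == action)
    if keys in ({"any"}, {"all"}):
        op = "any" if "any" in keys else "all"
        children = tree[op]
        # all([]) is True in Python, so an empty branch must be rejected here
        # or an emptied-out "all" node would grant everything.
        if not isinstance(children, list) or not children:
            return False
        results = (is_allowed(c, entity_name, action, depth + 1) for c in children)
        return any(results) if op == "any" else all(results)
    return False  # unknown node type: deny rather than guess


# Constructed sample profile: junior dispatch can read and edit trips and
# read customers, but has no leaf granting edits to customers.
JUNIOR_DISPATCH = {"any": [
    {"entityName": "Trip", "action": "read"},
    {"entityName": "Trip", "action": "edit"},
    {"entityName": "Customer", "action": "read"},
]}

if __name__ == "__main__":
    for entity, act in [("Trip", "edit"), ("Customer", "edit")]:
        print(entity, act, is_allowed(JUNIOR_DISPATCH, entity, act))
    print("empty tree:", is_allowed({}, "Trip", "read"))
```

The cases worth testing in any real evaluator are the ones that should deny: the empty tree, an empty combinator, an unrecognised node type, and a tree nested deeper than the evaluator is willing to walk.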