Verify a User, Application or Group Is a Member of the Approvers List
/sites/management/api/v1/policies/{id}/approvers/contains
Checks that the provided user, client application or group is either a direct or indirect member of the approvers list. If the provided user is not a member of the approvers list the response will be false. If the user specified is a member of the approvers list the response will be true.
Introduced in release 19.3.3.
Enabling the Approvers List
The approvers list is only used if the approvalType of the associated policy is set to named approval. If the approval type is set to automatic or admin the members of the approvers list are ignored. However, it is valid to alter the approvers list when the policy is not set to named.
For more information, see Update the Fields of a Policy.
Request Body Alternative Identifiers
The request body references resources that support alternative identifiers. These alternative identifiers can be used instead of using the default resource identifier.
group - Group Name
The default identifier for a Member resource is the Id.
A group member can be identified using the unique group name.
group:marketing
Introduced in release 19.3.1.
user - User or Application Name
The default identifier for a Member resource is the Id.
A user or client application member can be identified using user or application name.
user:jsmith
Introduced in release 19.3.1.
Successful Response Examples
This operation responds with the following success (2xx) responses. For a full list of response HTTP status codes and example bodies, consult the Response section of this operation.
200 OK - User
A user is referenced using the user:username syntax.
Request
POST https://api.example.com/sites/management/api/v1/policies/{id}/approvers/contains
Request Body
"user:jsmith"
200 OK - Client Application
A client application is referenced using the user:applicationname syntax.
Request
POST https://api.example.com/sites/management/api/v1/policies/{id}/approvers/contains
Request Body
"application:MyProduct_APPID"
Introduced in release 20.3.3.
200 OK - Group
A group is referenced using the group:groupname syntax. If both an Oracle Content Management group and Identity Provider group have the same name, the OCE group is used.
Request
POST https://api.example.com/sites/management/api/v1/policies/{id}/approvers/contains
Request Body
"group:marketing"
200 OK - Oracle Content Management Group
An Oracle Content Management group is referenced using the group:oce:groupname syntax.
Request
POST https://api.example.com/sites/management/api/v1/policies/{id}/approvers/contains
Request Body
"group:oce:marketing"
200 OK - Identity Provider Group
An identity provider supplied group is referenced using the group:idp:groupname syntax.
Request
POST https://api.example.com/sites/management/api/v1/policies/{id}/approvers/contains
Request Body
"group:idp:marketing"
200 OK - Authenticated User
The authenticated user can be referenced using the user:@me syntax.
Request
POST https://api.example.com/sites/management/api/v1/policies/{id}/approvers/contains
Request Body
"user:@me"
200 OK
Request
POST https://api.example.com/sites/management/api/v1/policies/{id}/approvers/contains
Response Body
false
Client Error Response Examples
This operation responds with the following client error (4xx) responses with exception details in the response body. For a full list of response HTTP status codes and example bodies, consult the Response section of this operation.
400 Bad Request - Invalid User or Application
A user or client application identified cannot be found.
Error Code
OCE-IDS-001004
Resolution - Check User Exists
Check that the user name is valid.
Resolution - Check Client Application Exists
Check that the client application name is valid.
Exception Detail Fields
This error type includes the following fields/values in the response:
Field Name | Description |
user | User or application that does not exist. |
For detailed information about this exception detail type, consult the InvalidIdentityExceptionDetail schema in the definitions section of the swagger document.
Example Response Body
{ "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1", "title": "Invalid User or Application", "status": "400", "detail": "User or client application does not exist.", "o:errorCode": "OCE-IDS-001004", "user": { "id": "1234" } }
Introduced in release 19.3.1.
400 Bad Request - Invalid Group
A group identified with an identifier such as the group name cannot be found.
Error Code
OCE-IDS-001007
Resolution - Check Group Exists
Check that the group identifier or group name is valid.
Exception Detail Fields
This error type includes the following fields/values in the response:
Field Name | Description |
group | Group that does not exist. |
For detailed information about this exception detail type, consult the InvalidGroupExceptionDetail schema in the definitions section of the swagger document.
Example Response Body
{ "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1", "title": "Invalid Group", "status": "400", "detail": "Group does not exist.", "o:errorCode": "OCE-IDS-001007", "group": { "id": "1234" } }
Introduced in release 19.3.1.
404 Not Found - Policy Not Found
The policy does not exist or has been deleted, or the authenticated user or client application does not have access to the policy.
Error Code
OCE-SITEMGMT-009022
Resolution - Check Identifier
Check that the policy identifier is valid.
Resolution - Check Role
Check that the authenticated user is a site administrator.
Resolution - Check Access
If the user is not a site administrator then check the policy 'accessType' includes the authenticated user.
Exception Detail Fields
This error type includes the following fields/values in the response:
Field Name | Description |
policy | Policy that does not exist or is not visible to the authenticated user. |
For detailed information about this exception detail type, consult the PolicyNotFoundExceptionDetail schema in the definitions section of the swagger document.
Example Response Body
{ "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1", "title": "Policy Not Found", "status": "404", "detail": "Policy does not exist or has been deleted, or the authenticated user or client application does not have access to the policy.", "o:errorCode": "OCE-SITEMGMT-009022", "policy": { "id": "721af08b-32db-4eee-b6af-0c38d3ba4681" } }
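The following Python is an added example, not part of the original reference. It builds the request-body identifiers shown above and maps a response to a fail-closed decision keyed on o:errorCode rather than title or detail. The function names, and the choice to require an explicit oce or idp qualifier for groups, are assumptions of this example.

```python
import json
from urllib.parse import quote

# Host taken from the page's example requests.
BASE = "https://api.example.com/sites/management/api/v1"

# Application error codes documented on this page.
ERROR_REASONS = {
    "OCE-IDS-001004": "unknown user or client application",
    "OCE-IDS-001007": "unknown group",
    "OCE-SITEMGMT-009022": "policy not found or not visible to caller",
}

def member_ref(kind, name, source=None):
    """Build the JSON-string identifier sent as the request body."""
    if kind == "user" and source is None:
        return f"user:{name}"            # also covers user:@me
    # Unqualified group:NAME resolves to the OCE group when an IdP group
    # shares the name, so this helper (an assumption of the example)
    # insists on an explicit oce/idp qualifier.
    if kind == "group" and source in ("oce", "idp"):
        return f"group:{source}:{name}"
    raise ValueError(f"unsupported member reference: {kind!r}/{source!r}")

def build_request(policy_id, ref):
    """Return (url, body) for the POST; the policy id is percent-encoded."""
    url = f"{BASE}/policies/{quote(policy_id, safe='')}/approvers/contains"
    return url, json.dumps(ref)

def is_approver(status, body):
    """Map (HTTP status, raw body) to (allowed, reason); anything unexpected denies."""
    try:
        data = json.loads(body)
    except ValueError:
        return False, "unparseable response"
    if status == 200:
        if data is True:
            return True, "member"
        if data is False:
            return False, "not a member"
        return False, "unexpected 200 body"
    # Dispatch on o:errorCode, not title/detail, as the schema advises.
    code = data.get("o:errorCode") if isinstance(data, dict) else None
    return False, ERROR_REASONS.get(code, f"unhandled error (HTTP {status})")
```

Only a literal JSON true on a 200 response grants approval; a 404 is reported as "not found or not visible" because the API does not distinguish the two cases.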
Request
- application/json
-
id: string
Globally unique identifier for a policy.
User or group to check for membership.
string
"user:jsmith"
Response
- application/json
200 Response
-
Cache-Control: string
Directives for caching mechanisms.
-
Content-Length: string
Size of the response body.
-
Content-Type: string
Content type of the response.
-
ETag: string
Opaque identifier assigned by the origin server to a specific version of a resource.
boolean
false
400 Response
-
allOf
InvalidIdentityExceptionDetail
Introduced in release 19.3.1.
-
object
ExceptionDetail
In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.
-
object
InvalidIdentityExceptionDetail-allOf[1]
object
In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.
-
detail(optional):
string
Description specific to this occurrence of the problem. The human-readable, potentially multi-line details describing the problem in more detail.
-
instance(optional):
string(uri)
URI to the link that provides more detail about the error.
-
o:errorCode(optional):
string
Application error code, which is different from HTTP error code. This code should be used to check for specific errors, rather than comparing fields such as the title or detail.
-
o:errorDetails(optional):
array o:errorDetails
Multiple errors can be organized in a hierarchical structure.
-
o:errorPath(optional):
string
XPath or JSON path to indicate where the error occurs.
-
status(optional):
integer(int32)
Corresponding HTTP status code for the error.
-
title(optional):
string
Short, human-readable summary of the problem. It is not advisable to use the title as a way of checking for specific errors; use the o:errorCode for this purpose.
-
type(optional):
string(uri)
Absolute URI that identifies the problem type. When this URI is dereferenced, it should provide a human-readable summary of the problem, for example, as an HTML page.
object
-
user(optional):
string
User or application that does not exist.
Introduced in release 19.3.1.
array
Multiple errors can be organized in a hierarchical structure.
-
object
ExceptionDetail
In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.
{
  "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
  "title": "Invalid User or Application",
  "status": "400",
  "detail": "User or client application does not exist.",
  "o:errorCode": "OCE-IDS-001004",
  "user": {
    "id": "1234"
  }
}
{
  "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
  "title": "Invalid Group",
  "status": "400",
  "detail": "Group does not exist.",
  "o:errorCode": "OCE-IDS-001007",
  "group": {
    "id": "1234"
  }
}
401 Response
403 Response
404 Response
-
Cache-Control: string
Directives for caching mechanisms.
-
Content-Length: string
Size of the response body.
-
Content-Type: string
Content type of the response.
-
object
ExceptionDetail
In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.
-
object
PolicyNotFoundExceptionDetail-allOf[1]
object
In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.
-
detail(optional):
string
Description specific to this occurrence of the problem. The human-readable, potentially multi-line details describing the problem in more detail.
-
instance(optional):
string(uri)
URI to the link that provides more detail about the error.
-
o:errorCode(optional):
string
Application error code, which is different from HTTP error code. This code should be used to check for specific errors, rather than comparing fields such as the title or detail.
-
o:errorDetails(optional):
array o:errorDetails
Multiple errors can be organized in a hierarchical structure.
-
o:errorPath(optional):
string
XPath or JSON path to indicate where the error occurs.
-
status(optional):
integer(int32)
Corresponding HTTP status code for the error.
-
title(optional):
string
Short, human-readable summary of the problem. It is not advisable to use the title as a way of checking for specific errors; use the o:errorCode for this purpose.
-
type(optional):
string(uri)
Absolute URI that identifies the problem type. When this URI is dereferenced, it should provide a human-readable summary of the problem, for example, as an HTML page.
object
-
policy(optional):
string
Policy that does not exist or is not visible to the authenticated user.
array
Multiple errors can be organized in a hierarchical structure.
-
object
ExceptionDetail
In addition to HTTP error code and error messages, it is often desirable to provide additional information to the client when a request fails. In such cases, the additional information will be included in the response body.
{
  "type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1",
  "title": "Policy Not Found",
  "status": "404",
  "detail": "Policy does not exist or has been deleted, or the authenticated user or client application does not have access to the policy.",
  "o:errorCode": "OCE-SITEMGMT-009022",
  "policy": {
    "id": "721af08b-32db-4eee-b6af-0c38d3ba4681"
  }
}