Get the permission list - DingTalk Help Center

Call this API to query the file permission list of a user based on the specified ID (file uuid, Knowledge Base rootNodeId, or Knowledge Base node nodeId) and operator ID.

Request

Basic information

Field	Value
HTTP URL	`https://api.dingtalk.io/v2.0/storage/spaces/dentries/{dentryUuid}/permissions/query`
HTTP Method	POST
Supported app types	appType-Internal app
Permission required	permission-Storage.Permission.Read-Read permission for organization storage authorization information

Request headers

Name	Type	Required	Description
x-acs-dingtalk-access-token	String	Yes	The access credential for calling this API. Call the Get the access token of an internal app API to obtain it.

Path parameters

Name	Type	Required	Description
dentryUuid	String	Yes	The file uuid. Call the File Search API or the Get dentryUuid information API to obtain the dentryUuid field from the response.

Query parameters

Name	Type	Required	Description
unionId	String	Yes	The unionId of the user. Call the Query user details API to obtain it.

Request body

Name	Type	Required	Description
option	Object	No	Optional parameter.
nextToken	String	No	The pagination cursor.
maxResults	Integer	No	The page size. Default value: 30.
filterRoleIds	Array of String	No	The roles to filter by.

Request example

HTTP

POST /v2.0/storage/spaces/dentries/EpGxxxxN7R35y/permissions/query?unionId=tXgxxxxRAiEiE HTTP/1.1
Host:api.dingtalk.io
x-acs-dingtalk-access-token:access_token
Content-Type:application/json

{
  "option" : {
    "nextToken" : "next_token",
    "maxResults" : 30,
    "filterRoleIds" : [ "role_id" ],
    "filterMemberTypes" : [ ]
  }
}

Java

package com.aliyun.sample;

import com.aliyun.tea.*;

public class Sample {

    /**
     * <b>description</b> :
     * <p>Initialize the account Client using a Token</p>
     * @return Client
     * 
     * @throws Exception
     */
    public static com.aliyun.dingtalkstorage_2_0.Client createClient() throws Exception {
        com.aliyun.teaopenapi.models.Config config = new com.aliyun.teaopenapi.models.Config();
        config.protocol = "https";
        config.regionId = "central";
        return new com.aliyun.dingtalkstorage_2_0.Client(config);
    }

    public static void main(String[] args_) throws Exception {
        
        com.aliyun.dingtalkstorage_2_0.Client client = Sample.createClient();
        com.aliyun.dingtalkstorage_2_0.models.ListPermissionsHeaders listPermissionsHeaders = new com.aliyun.dingtalkstorage_2_0.models.ListPermissionsHeaders();
        listPermissionsHeaders.xAcsDingtalkAccessToken = "<your access token>";
        com.aliyun.dingtalkstorage_2_0.models.ListPermissionsRequest.ListPermissionsRequestOption option = new com.aliyun.dingtalkstorage_2_0.models.ListPermissionsRequest.ListPermissionsRequestOption()
                .setNextToken("next_token")
                .setMaxResults(30)
                .setFilterRoleIds(java.util.Arrays.asList(
                    "role_id"
                ));
        com.aliyun.dingtalkstorage_2_0.models.ListPermissionsRequest listPermissionsRequest = new com.aliyun.dingtalkstorage_2_0.models.ListPermissionsRequest()
                .setUnionId("tXgxxxxRAiEiE")
                .setOption(option);
        try {
            client.listPermissionsWithOptions("EpGxxxxN7R35y", listPermissionsRequest, listPermissionsHeaders, new com.aliyun.teautil.models.RuntimeOptions());
        } catch (TeaException err) {
            if (!com.aliyun.teautil.Common.empty(err.code) && !com.aliyun.teautil.Common.empty(err.message)) {
                // err contains code and message attributes to help locate the issue
            }

        } catch (Exception _err) {
            TeaException err = new TeaException(_err.getMessage(), _err);
            if (!com.aliyun.teautil.Common.empty(err.code) && !com.aliyun.teautil.Common.empty(err.message)) {
                // err contains code and message attributes to help locate the issue
            }

        }        
    }
}

Python

# -*- coding: utf-8 -*-
# This file is auto-generated, don't edit it. Thanks.
import os
import sys
import json

from typing import List

from alibabacloud_dingtalk.storage_2_0.client import Client as dingtalkstorage_2_0Client
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_dingtalk.storage_2_0 import models as dingtalkstorage__2__0_models
from alibabacloud_tea_util import models as util_models
from alibabacloud_tea_util.client import Client as UtilClient

class Sample:
    def __init__(self):
        pass

    @staticmethod
    def create_client() -> dingtalkstorage_2_0Client:
        """
        Initialize the account Client using a Token
        @return: Client
        @throws Exception
        """
        config = open_api_models.Config()
        config.protocol = 'https'
        config.region_id = 'central'
        return dingtalkstorage_2_0Client(config)

    @staticmethod
    def main(
        args: List[str],
    ) -> None:
        client = Sample.create_client()
        list_permissions_headers = dingtalkstorage__2__0_models.ListPermissionsHeaders()
        list_permissions_headers.x_acs_dingtalk_access_token = '<your access token>'
        option = dingtalkstorage__2__0_models.ListPermissionsRequestOption(
            next_token='next_token',
            max_results=30,
            filter_role_ids=[
                'role_id'
            ]
        )
        list_permissions_request = dingtalkstorage__2__0_models.ListPermissionsRequest(
            union_id='tXgxxxxRAiEiE',
            option=option
        )
        try:
            client.list_permissions_with_options('EpGxxxxN7R35y', list_permissions_request, list_permissions_headers, util_models.RuntimeOptions())
        except Exception as err:
            if not UtilClient.empty(err.code) and not UtilClient.empty(err.message):
                # err contains code and message attributes to help locate the issue
                pass

    @staticmethod
    async def main_async(
        args: List[str],
    ) -> None:
        client = Sample.create_client()
        list_permissions_headers = dingtalkstorage__2__0_models.ListPermissionsHeaders()
        list_permissions_headers.x_acs_dingtalk_access_token = '<your access token>'
        option = dingtalkstorage__2__0_models.ListPermissionsRequestOption(
            next_token='next_token',
            max_results=30,
            filter_role_ids=[
                'role_id'
            ]
        )
        list_permissions_request = dingtalkstorage__2__0_models.ListPermissionsRequest(
            union_id='tXgxxxxRAiEiE',
            option=option
        )
        try:
            await client.list_permissions_with_options_async('EpGxxxxN7R35y', list_permissions_request, list_permissions_headers, util_models.RuntimeOptions())
        except Exception as err:
            if not UtilClient.empty(err.code) and not UtilClient.empty(err.message):
                # err contains code and message attributes to help locate the issue
                pass

if __name__ == '__main__':
    Sample.main(sys.argv[1:])

PHP

<?php

// This file is auto-generated, don't edit it. Thanks.
namespace AlibabaCloud\SDK\Sample;

use AlibabaCloud\SDK\Dingtalk\Vstorage_2_0\Dingtalk;
use \Exception;
use AlibabaCloud\Tea\Exception\TeaError;
use AlibabaCloud\Tea\Utils\Utils;

use Darabonba\OpenApi\Models\Config;
use AlibabaCloud\SDK\Dingtalk\Vstorage_2_0\Models\ListPermissionsHeaders;
use AlibabaCloud\SDK\Dingtalk\Vstorage_2_0\Models\ListPermissionsRequest\option;
use AlibabaCloud\SDK\Dingtalk\Vstorage_2_0\Models\ListPermissionsRequest;
use AlibabaCloud\Tea\Utils\Utils\RuntimeOptions;

class Sample {

    /**
     * Initialize the account Client using a Token
     * @return Dingtalk Client
     */
    public static function createClient(){
        $config = new Config([]);
        $config->protocol = "https";
        $config->regionId = "central";
        return new Dingtalk($config);
    }

    /**
     * @param string[] $args
     * @return void
     */
    public static function main($args){
        $client = self::createClient();
        $listPermissionsHeaders = new ListPermissionsHeaders([]);
        $listPermissionsHeaders->xAcsDingtalkAccessToken = "<your access token>";
        $option = new option([
            "nextToken" => "next_token",
            "maxResults" => 30,
            "filterRoleIds" => [
                "role_id"
            ]
        ]);
        $listPermissionsRequest = new ListPermissionsRequest([
            "unionId" => "tXgxxxxRAiEiE",
            "option" => $option
        ]);
        try {
            $client->listPermissionsWithOptions("EpGxxxxN7R35y", $listPermissionsRequest, $listPermissionsHeaders, new RuntimeOptions([]));
        }
        catch (Exception $err) {
            if (!($err instanceof TeaError)) {
                $err = new TeaError([], $err->getMessage(), $err->getCode(), $err);
            }
            if (!Utils::empty_($err->code) && !Utils::empty_($err->message)) {
                // err contains code and message attributes to help locate the issue
            }
        }
    }
}
$path = __DIR__ . \DIRECTORY_SEPARATOR . '..' . \DIRECTORY_SEPARATOR . 'vendor' . \DIRECTORY_SEPARATOR . 'autoload.php';
if (file_exists($path)) {
    require_once $path;
}
Sample::main(array_slice($argv, 1));

package main

import (
  "encoding/json"
  "strings"
  "fmt"
  "os"
  util  "github.com/alibabacloud-go/tea-utils/v2/service"
  dingtalkstorage_2_0  "github.com/alibabacloud-go/dingtalk/storage_2_0"
  openapi  "github.com/alibabacloud-go/darabonba-openapi/v2/client"
  "github.com/alibabacloud-go/tea/tea"
)

// Description:
// 
// Initialize the account Client using a Token
// 
// @return Client
// 
// @throws Exception
func CreateClient () (_result *dingtalkstorage_2_0.Client, _err error) {
  config := &openapi.Config{}
  config.Protocol = tea.String("https")
  config.RegionId = tea.String("central")
  _result = &dingtalkstorage_2_0.Client{}
  _result, _err = dingtalkstorage_2_0.NewClient(config)
  return _result, _err
}

func _main (args []*string) (_err error) {
  client, _err := CreateClient()
  if _err != nil {
    return _err
  }

  listPermissionsHeaders := &dingtalkstorage_2_0.ListPermissionsHeaders{}
  listPermissionsHeaders.XAcsDingtalkAccessToken = tea.String("<your access token>")
  option := &dingtalkstorage_2_0.ListPermissionsRequestOption{
    NextToken: tea.String("next_token"),
    MaxResults: tea.Int32(30),
    FilterRoleIds: []*string{tea.String("role_id")},
  }
  listPermissionsRequest := &dingtalkstorage_2_0.ListPermissionsRequest{
    UnionId: tea.String("tXgxxxxRAiEiE"),
    Option: option,
  }
  tryErr := func()(_e error) {
    defer func() {
      if r := tea.Recover(recover()); r != nil {
        _e = r
      }
    }()
    _, _err = client.ListPermissionsWithOptions(tea.String("EpGxxxxN7R35y"), listPermissionsRequest, listPermissionsHeaders, &util.RuntimeOptions{})
    if _err != nil {
      return _err
    }

    return nil
  }()

  if tryErr != nil {
    var err = &tea.SDKError{}
    if _t, ok := tryErr.(*tea.SDKError); ok {
      err = _t
    } else {
      err.Message = tea.String(tryErr.Error())
    }
    if !tea.BoolValue(util.Empty(err.Code)) && !tea.BoolValue(util.Empty(err.Message)) {
      // err contains code and message attributes to help locate the issue
    }

  }
  return _err
}

func main() {
  err := _main(tea.StringSlice(os.Args[1:]))
  if err != nil {
    panic(err)
  }
}

Node.js

'use strict';
// This file is auto-generated, don't edit it
const Util = require('@alicloud/tea-util');
const dingtalkstorage_2_0 = require('@alicloud/dingtalk/storage_2_0');
const OpenApi = require('@alicloud/openapi-client');
const Tea = require('@alicloud/tea-typescript');

class Client {

  /**
   * Initialize the account Client using a Token
   * @return Client
   * @throws Exception
   */
  static createClient() {
    let config = new OpenApi.Config({ });
    config.protocol = 'https';
    config.regionId = 'central';
    return new dingtalkstorage_2_0.default(config);
  }

  static async main(args) {
    let client = Client.createClient();
    let listPermissionsHeaders = new dingtalkstorage_2_0.ListPermissionsHeaders({ });
    listPermissionsHeaders.xAcsDingtalkAccessToken = '<your access token>';
    let option = new dingtalkstorage_2_0.ListPermissionsRequestOption({
      nextToken: 'next_token',
      maxResults: 30,
      filterRoleIds: [
        'role_id'
      ],
    });
    let listPermissionsRequest = new dingtalkstorage_2_0.ListPermissionsRequest({
      unionId: 'tXgxxxxRAiEiE',
      option: option,
    });
    try {
      await client.listPermissionsWithOptions('EpGxxxxN7R35y', listPermissionsRequest, listPermissionsHeaders, new Util.RuntimeOptions({ }));
    } catch (err) {
      if (!Util.default.empty(err.code) && !Util.default.empty(err.message)) {
        // err contains code and message attributes to help locate the issue
      }

    }    
  }

}

exports.Client = Client;
Client.main(process.argv.slice(2));

using Newtonsoft.Json;
using System;
using System.Collections;
using System.Collections.Generic;
using System.IO;
using System.Threading.Tasks;

using Tea;
using Tea.Utils;

namespace AlibabaCloud.SDK.Sample
{
    public class Sample 
    {

        /// <term><b>Description:</b></term>
        /// <description>
        /// <para>Initialize the account Client using a Token</para>
        /// </description>
        /// 
        /// <returns>
        /// Client
        /// </returns>
        /// 
        /// <term><b>Exception:</b></term>
        /// Exception
        public static AlibabaCloud.SDK.Dingtalkstorage_2_0.Client CreateClient()
        {
            AlibabaCloud.OpenApiClient.Models.Config config = new AlibabaCloud.OpenApiClient.Models.Config();
            config.Protocol = "https";
            config.RegionId = "central";
            return new AlibabaCloud.SDK.Dingtalkstorage_2_0.Client(config);
        }

        public static void Main(string[] args)
        {
            AlibabaCloud.SDK.Dingtalkstorage_2_0.Client client = CreateClient();
            AlibabaCloud.SDK.Dingtalkstorage_2_0.Models.ListPermissionsHeaders listPermissionsHeaders = new AlibabaCloud.SDK.Dingtalkstorage_2_0.Models.ListPermissionsHeaders();
            listPermissionsHeaders.XAcsDingtalkAccessToken = "<your access token>";
            AlibabaCloud.SDK.Dingtalkstorage_2_0.Models.ListPermissionsRequest.ListPermissionsRequestOption option = new AlibabaCloud.SDK.Dingtalkstorage_2_0.Models.ListPermissionsRequest.ListPermissionsRequestOption
            {
                NextToken = "next_token",
                MaxResults = 30,
                FilterRoleIds = new List<string>
                {
                    "role_id"
                },
            };
            AlibabaCloud.SDK.Dingtalkstorage_2_0.Models.ListPermissionsRequest listPermissionsRequest = new AlibabaCloud.SDK.Dingtalkstorage_2_0.Models.ListPermissionsRequest
            {
                UnionId = "tXgxxxxRAiEiE",
                Option = option,
            };
            try
            {
                client.ListPermissionsWithOptions("EpGxxxxN7R35y", listPermissionsRequest, listPermissionsHeaders, new AlibabaCloud.TeaUtil.Models.RuntimeOptions());
            }
            catch (TeaException err)
            {
                if (!AlibabaCloud.TeaUtil.Common.Empty(err.Code) && !AlibabaCloud.TeaUtil.Common.Empty(err.Message))
                {
                    // err contains code and message attributes to help locate the issue
                }
            }
            catch (Exception _err)
            {
                TeaException err = new TeaException(new Dictionary<string, object>
                {
                    { "message", _err.Message }
                });
                if (!AlibabaCloud.TeaUtil.Common.Empty(err.Code) && !AlibabaCloud.TeaUtil.Common.Empty(err.Message))
                {
                    // err contains code and message attributes to help locate the issue
                }
            }
        }

    }
}

Response

Response body

Name	Type	Description
permissions	Array	The paginated list of permissions. Up to 30 items are returned.
dentryUuid	String	The file uuid.
member	Object	The permission member.
type	String	The type of the permission member. Enum values: - ORG: Organization - DEPT: Department - TAG: Custom tag - CONVERSATION: Chat - USER: User
id	String	The ID of the permission member: - When `type=ORG`, id is the organization ID. - When `type=DEPT`, id is the department ID. - When `type=TAG`, id is the tag ID. - When `type=CONVERSATION`, id is the chat ID. - When `type=USER`, id is the employee userId.
corpId	String	The organization that the permission belongs to. - If an organization ID is present, the permission is automatically cleaned up when the corresponding member leaves. - If memberType is dept, an organization ID is required.
name	String	The name of the member.
role	Object	The permission role.
id	String	The role ID. Enum values: - OWNER: Owner, with the following permission scopes: - PermissionPrivilegeEnum.INFO - PermissionPrivilegeEnum.LIST - PermissionPrivilegeEnum.PREVIEW - PermissionPrivilegeEnum.READ - PermissionPrivilegeEnum.WRITE - PermissionPrivilegeEnum.DOWNLOAD - PermissionPrivilegeEnum.ADD - PermissionPrivilegeEnum.DELETE - PermissionPrivilegeEnum.MODIFY - PermissionPrivilegeEnum.COPY - PermissionPrivilegeEnum.RENAME - PermissionPrivilegeEnum.READ_PERMISSION - PermissionPrivilegeEnum.WRITE_PERMISSION - PermissionPrivilegeEnum.ASSIGN - MANAGER: Manager, with the following permission scopes: - PermissionPrivilegeEnum.INFO - PermissionPrivilegeEnum.LIST - PermissionPrivilegeEnum.PREVIEW - PermissionPrivilegeEnum.READ - PermissionPrivilegeEnum.WRITE - PermissionPrivilegeEnum.DOWNLOAD - PermissionPrivilegeEnum.ADD - PermissionPrivilegeEnum.DELETE - PermissionPrivilegeEnum.MODIFY - PermissionPrivilegeEnum.COPY - PermissionPrivilegeEnum.RENAME - PermissionPrivilegeEnum.READ_PERMISSION - PermissionPrivilegeEnum.WRITE_PERMISSION - EDITOR: Editor, with the following permission scopes: - PermissionPrivilegeEnum.INFO - PermissionPrivilegeEnum.LIST - PermissionPrivilegeEnum.PREVIEW - PermissionPrivilegeEnum.READ - PermissionPrivilegeEnum.WRITE - PermissionPrivilegeEnum.DOWNLOAD - PermissionPrivilegeEnum.ADD - DOWNLOADER: View and download, with the following permission scopes: - PermissionPrivilegeEnum.INFO - PermissionPrivilegeEnum.LIST - PermissionPrivilegeEnum.PREVIEW - PermissionPrivilegeEnum.READ - PermissionPrivilegeEnum.DOWNLOAD - READER: View only, with the following permission scopes: - PermissionPrivilegeEnum.INFO - PermissionPrivilegeEnum.LIST - PermissionPrivilegeEnum.PREVIEW
name	String	The role name.
duration	Long	The validity period. An empty `duration` indicates that the authorization has no time limit.
nextToken	String	The pagination cursor. A non-empty `nextToken` indicates that more data is available.

Response body example

HTTP/1.1 200 OK
Content-Type:application/json

{
  "permissions" : [ {
    "dentryUuid" : "EpGBxxxxgN7R35y",
    "member" : {
      "type" : "USER",
      "id" : "01472xxxx041",
      "corpId" : "ding16b241fd05********288",
      "name" : "member_name"
    },
    "role" : {
      "id" : "MANAGER",
      "name" : "MANAGER"
    },
    "duration" : 3600
  } ],
  "nextToken" : "next_token"
}

Error codes

If an error occurs when calling this API, look up the solution in the Global error codes documentation based on the error message.

HttpCode	Error code	Error message	Description
400	paramError	%s	Parameter error
400	paramError.dentryUuid	%s	Parameter error - dentryUuid
400	paramError.roleId	%s	Parameter error - roleId
403	permissionDenied	%s	The user lacks permission to get the permission list
404	spaceNotExist	%s	Space does not exist
404	dentryNotExist	%s	File does not exist
500	systemError	%s	System error
500	unknownError	Unknown Error	Unknown error
503	operationTimeout	%s	Request timeout

​Request

​Basic information

​Request headers

​Path parameters

​Query parameters

​Request body

​Request example

​Response

​Response body

​Response body example

​Error codes