Hi,

Just to confirm - this won't affect calls to GET /api/v2/users/{userId} that use the "station" expand parameter, correct?

Daniel_Meyer:

PUT api/v2/users/{userId}/station/{stationId} - telephony:otherStationAssociation:edit

hello, Daniel

PUT api/v2/users/{userId}/station/{stationId} - telephony:otherStationAssociation:edit

This API does not exist.
It is not found in developer.

Can you tell me the exact API name?

There are two PUT-type APIs that contain station.
Is it one of the two APIs below? Or is it both?

put /api/v2/users/{userId}/station/associatedstation/{stationId}
or
put /api/v2/users/{userId}/station/defaultstation/{stationId}

Description

Required permissions are being added to the user station API endpoints.

Change Category

API

Change Context

Certain user station endpoints that allow viewing, changing, and deleting others' station associations currently do not perform any permissions check. The effect of this is that any authenticated user is currently able to manipulate others' station associations. It is desirable that system administrators be able to lock down such activity by granting or revoking permissions; thus this change.

Change Impact

After the change, the required permissions will be as follows:

GET api/v2/users/{userId}/station - telephony:otherStationAssociation:view
PUT api/v2/users/{userId}/station/{stationId} - telephony:otherStationAssociation:edit
DELETE api/v2/users/{userId}/station/associatedStation - telephony:station:disassociate
DELETE api/v2/stations/{stationId}/associatedUser - telephony:station:disassociate (currently requires telephony:plugin:all)

A permissions backfill will be performed so that affected users will not lose access to endpoints; system administrators can then revoke permissions as desired.

Date of Change

Mar 10, 2025

Impacted APIs

GET api/v2/users/{userId}/station
PUT api/v2/users/{userId}/station/{stationId}
DELETE api/v2/users/{userId}/station/associatedStation
DELETE api/v2/stations/{stationId}/associatedUser

References

[PURE-6104]