Problem
daptin-cli relate <entity> <ref> usergroup_id <group_ref> creates the usergroup association, but the resulting association row may not have the permission bits required for group access.
For OAuth/integration rows, we need both:
- the entity row permission to include group access, for example
1622016
- the usergroup association itself to include Group Peek/Read/Execute/Refer
Currently the CLI supports:
- creating the relation with
relate
- inspecting the relation with
related ... --columns name,reference_id,permission
But it does not appear to expose a supported way to set the association permission during relation creation or update it afterward.
Reproduction
daptin-cli update oauth_connect <oauth_connect_ref> permission=1622016
daptin-cli relate oauth_connect <oauth_connect_ref> usergroup_id <users_group_ref>
daptin-cli related oauth_connect <oauth_connect_ref> usergroup_id --columns name,reference_id,permission
Observed result: the users association exists, but its permission can remain at a default value that does not include the required Group Peek permission.
Expected Behavior
The CLI should provide a supported public interface for relation-row permissions. Either:
relate accepts a permission argument, for example:
daptin-cli relate oauth_connect <ref> usergroup_id <users_group_ref> --permission 1622016
or
- a dedicated command exists to update relation permissions without requiring callers to address generated internal join-table names.
Why This Matters
For integrations exposed through the users usergroup, the entity row permission alone is not enough. The association permission also controls whether group members can discover and use the related object.
Without a supported CLI path, operators are pushed toward generated internal _has_usergroup_usergroup_id tables, which should not be treated as a stable operational interface.
Requested Fix
Add a supported CLI/API workflow to set and verify usergroup association permissions, and document the correct command sequence for integration/OAuth provider setup.
Problem
daptin-cli relate <entity> <ref> usergroup_id <group_ref>creates the usergroup association, but the resulting association row may not have the permission bits required for group access.For OAuth/integration rows, we need both:
1622016Currently the CLI supports:
relaterelated ... --columns name,reference_id,permissionBut it does not appear to expose a supported way to set the association permission during relation creation or update it afterward.
Reproduction
Observed result: the
usersassociation exists, but itspermissioncan remain at a default value that does not include the required Group Peek permission.Expected Behavior
The CLI should provide a supported public interface for relation-row permissions. Either:
relateaccepts a permission argument, for example:or
Why This Matters
For integrations exposed through the
usersusergroup, the entity row permission alone is not enough. The association permission also controls whether group members can discover and use the related object.Without a supported CLI path, operators are pushed toward generated internal
_has_usergroup_usergroup_idtables, which should not be treated as a stable operational interface.Requested Fix
Add a supported CLI/API workflow to set and verify usergroup association permissions, and document the correct command sequence for integration/OAuth provider setup.